All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Corrupted events using HTTPS and TCP (with SSL)

gary_byron
Loves-to-Learn Lots
‎09-10-2017 06:47 PM

Has anyone had issues with the latest version of ta-protocol adapater corrupting the data that comes in?
We have two feeds, one a HTTPS setup receiving from Akamai and the other just a straight TCP feed (SSL enable)
The data for both of them seems to get corrupted, either the events get split, or truncated at various points.
Its not the Splunk limits as far as I can tell.

0 Karma
Reply

gary_byron
Loves-to-Learn Lots
‎09-11-2017 06:44 PM

Sure, listed below. Thanks - I was also looking at the TCP buffer size also, but couldn't see what the default value was.
I had assumed it was just a number (in bytes)

[protocol://Akamai-Receiver]
bind_address = 0.0.0.0
client_auth_required = 0
index = prod_akamai
ip_version = v4
is_multicast = 0
output_type = stdout
port = 6710
protocol = http
set_broadcast = 0
set_multicast_loopback_mode = 0
sourcetype = waf:akamai:json
tcp_keepalive = 0
tcp_nodelay = 0
use_ssl = 1
keystore_pass = xxxx
keystore_path = /opt/splunk/etc/apps/IG_Certs/local/xxxx.jks
disabled = 0
server_verticle_instances = 2

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎09-11-2017 06:17 PM

Can you describe your setup configuration ? ie: the protocol:// stanza from inputs.conf would help.

Boosting your TCP receive buffer size may help , there is a field for this in the configuration.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...