All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting connection resets after installing and restarting the Splunk App for VMware on Splunk 6.2.1?

rdrr66
Engager
‎02-05-2015 02:18 PM

Working on a POC.

Installed splunk 6.2.1 logged in and changed the admin passwd. I then was able to install a few apps, Splunk App for Unix and Linux, and the example dashboard. Restarted and everything looked good. Then I went to install Splunk App for VMware, by unzipping splunk_app_vmware-3.1.3-246514.zip in the $SPLUNKHOME directory as the splunk user. Restart the application and now I am getting connection resets.

In the splunkd.log

02-05-2015 16:55:30.036 -0500 WARN  HttpListener - Socket error from X.X.X.X while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

If I remove the Splunk App for VMware, splunk works fine. I have gone through the default install twice and had the same result each time.

Reply
1 Solution
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎02-05-2015 05:37 PM

It looks to me like you're trying to connect to http://x.x.x.x/ and Splunk is expecting https://x.x.x.x/. Many premium Splunk apps will enable SSL by default (you should do it anyway!), but it can be surprising if you miss the warning. Try connecting on https and see if you're able to get to Splunk.

I was able to find this same error with that solution by googling for the error message (it's not Splunk specific, thankfully):
http://stackoverflow.com/questions/20047840/lighttpd-ssl-error
http://stackoverflow.com/questions/24175755/ssl-error-on-tornado-server

View solution in original post

Reply
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎02-05-2015 05:37 PM

It looks to me like you're trying to connect to http://x.x.x.x/ and Splunk is expecting https://x.x.x.x/. Many premium Splunk apps will enable SSL by default (you should do it anyway!), but it can be surprising if you miss the warning. Try connecting on https and see if you're able to get to Splunk.

I was able to find this same error with that solution by googling for the error message (it's not Splunk specific, thankfully):
http://stackoverflow.com/questions/20047840/lighttpd-ssl-error
http://stackoverflow.com/questions/24175755/ssl-error-on-tornado-server

Reply
Solved! Jump to solution

rdrr66
Engager
‎02-06-2015 08:04 AM

Thanks that was it, guess I missed that in the install guide. Shouldn't rush through those things...

0 Karma
Reply
Solved! Jump to solution

Masa
Splunk Employee
Splunk Employee
‎02-05-2015 05:35 PM

The message itself is the server was SSL-enabled but it received a non-SSL HTTP request. VMware app enabled splunkweb SSL. Any proxy between your browser and the Search head?

0 Karma
Reply
Solved! Jump to solution

cam343
Path Finder
‎08-22-2016 08:32 PM

I know this is an old thread, but further to this my issue was that ...etc/system/local/server.conf had:

enableSplunkdSSL = false

In it, removing that line / setting it to true fixed my issue

Reply
Solved! Jump to solution

Masa
Splunk Employee
Splunk Employee
‎08-24-2016 11:00 AM

Thank you, cam343. It is good to know non-SSL splunkd will cause this issue, too.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...