Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Large number of errors processing data from forwarders over SSL

nurtdi
Path Finder
‎04-13-2011 08:28 PM

The data is being indexed, but a lot of errors in splunkd.log

this is a snippet of log after running splunk indexer in debug mode:

04-13-2011 15:54:08.135 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:2744. Success
04-13-2011 15:54:08.135 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.135 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=2744, statusee=                    TcpInputProcessor
04-13-2011 15:54:08.135 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:3473. Success
04-13-2011 15:54:08.135 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.135 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=3473, statusee=                    TcpInputProcessor
04-13-2011 15:54:08.342 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.342 INFO  StatusMgr - destPort=9997, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=61588, statusee=T                    cpInputProcessor
04-13-2011 15:54:08.399 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.553 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:2575. Success
04-13-2011 15:54:08.553 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.553 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=2575, statusee=                    TcpInputProcessor

Thank you, Ildus

Reply

jkerai
Splunk Employee
Splunk Employee
‎04-17-2011 10:58 PM

Unfortunately this is a bug and we are trying to identify root cause.

0 Karma
Reply

Jeremiah
Motivator
‎05-04-2011 04:17 PM

Any update?

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...