I'm configuring a TLS listener on an index cluster. Given this inputs.conf:
[splunktcp://50514] queueSize = 100MB [splunktcp-ssl://9998] disabled = 0 [SSL] serverCert = /opt/splunk/etc/auth/certs/my_cert.pem sslVersions = tls1.2 useClientSSLCompression = true requireClientCert = false
why do I get the error "[Not Critical] Invalid key in stanza [SSL] in /opt/splunk/etc/master-apps/my_app/local/inputs.conf, line 10: useClientSSLCompression (value: true)" when i run 'splunk show cluster-bundle-status' ?
According to https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/ConfigureSplunkforwardingtousesignedcert... "useClientSSLCompression" is a valid key in the SSL stanza in "inputs.conf" on an indexer.
Per the link you provided, useClientSSLCompression is part of the [tcpout] stanza, not the [SSL] stanza:
This stanza is there in the outputs.conf and not in inputs.conf.
While I appreciate your suggestion, I don't think it's correct, or perhaps there are multiple errors in the docs. I'm configuring clustered indexers. The link I included specifically states that the key and stanza belong in "inputs.conf" on the indexer. The documentation you linked to for "outputs.conf" says:
"Forwarders require outputs.conf; non-forwarding Splunk instances do not use it. It determines how the forwarder sends data to receiving Splunk instances, either indexers or other forwarders."
But thank you for finding the links and including them so I could review.