Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk weburl not coming up. after configuring universal forwarder

ahmemohs03
Explorer
‎07-18-2018 07:57 AM

I had installed splunk 7.1.1 on Linux machine and started with id/passwd, it was coming up, then I installed splunk universal forwarder on the other Linux machine to get logs from but splunk weburl not coming up, splunk is running, and I stop splunk forwarder, in splunkd.log is see below error

ERROR TcpInputProc - Message rejected. Received unexpected message of size=1195725856 bytes from src=10.46.238.52:54385 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

please suggest

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-18-2018 10:12 AM

If you are sending SSL encrypted data to non-SSL listening Indexer (or vice-versa), the Indexer will reject with this error. In earlier versions an SSL-listener would accept non-encrypted payloads but this changed in v7.? (check the release notes). So if you upgrade and have this misconfigured, what worked before may be rejected now.

0 Karma
Reply

ahmemohs03
Explorer
‎07-18-2018 11:22 AM

Thanks for quick reply, can you please suggest what should I do now?
Do I need to install splunk full version and make as forwarder if yes, please let me know the installation and configuration steps for splunk full version as forwarder.

0 Karma
Reply

PowerPacked
Builder
‎07-18-2018 09:45 AM

Hi @ahmemohs03

I believe the universal forwarder version of Splunk is light version of Splunk software, these light versions of splunk do not have the Web UI interface enabled.

You can install the full version of Splunk and make it as a universal forwarder, so that it can be used as forwarder & UI is enabled as well.

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-18-2018 09:54 AM

Thanks for quick response,

Splunk universal forwarder is 7.1.1 version, and I installed in it a Linux machine whose logs need to see on another Linux server where full version of splunk is installed. Do you want me to uninstalled UF and installed splunk full version and how to make a full version splunk to universal forwarder?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...