Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

104, Connection Reset by Peer error

loginsoft
Loves-to-Learn Lots
‎06-11-2020 11:58 PM

We created a Splunk Add-on for one of our customers. We are able to call the Rest API and index the data in our environment. But when our client installed the Add-on he gets the below error message. 

Error, connection aborted , 104, Connection Reset by Peer error. Below is the screenshot of the log.

We deployed the same AWS and GCP and it is working fine except in client environment.  

We did a curl to the URL from the client server and it is working fine. Also the same URL is used in Splunk by our client in other Apps.

Can someone kindly help us here. We burned our all our debugging options. 

image001.jpg

 

 

 

 

Labels (4)
Labels
0 Karma
Reply

livehybrid
Champion
‎06-12-2020 12:16 AM

Does the customer have an outbound firewall/security group that could be blocking the connection, or a transparent proxy that is filtering/blocking the traffic?

If you're using SplunkCloud and connecting to a port other than 443 then you might need to request that it be opened up by CloudOps via a support ticket.

 

Tags (1)
0 Karma
Reply

loginsoft
Loves-to-Learn Lots
‎06-12-2020 12:25 AM

Thanks @livehybrid  for the reply.

Our customer is using on-prem instance. Also we queried the URL using wget command in splunk. It is working with wget. So now, will it be still issue with Firewall/Security Group/Filtering? 

 

0 Karma
Reply

livehybrid
Champion
‎06-12-2020 01:12 AM

In that case its unlikely to be firewall related!

The other thing I was wondering is could it be connecting on the wrong protocol? e.g. can you confirm that you're connecting with HTTPS if the endpoint is HTTPS? 

The other thing to check for is any proxies in the way that you might not go through when testing in the CLI - its worth checking in server.conf for a [proxyConfig] stanza, and in /opt/splunk/etc/splunk-launch.conf for any environment variable setting of proxies.

 

0 Karma
Reply

loginsoft
Loves-to-Learn Lots
‎06-12-2020 01:18 AM

@livehybrid  yes it is Https to Https call. Will check the config stanza and get back to you.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top