Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

104, Connection Reset by Peer error

loginsoft
Loves-to-Learn Lots
‎06-11-2020 11:58 PM

We created a Splunk Add-on for one of our customers. We are able to call the Rest API and index the data in our environment. But when our client installed the Add-on he gets the below error message. 

Error, connection aborted , 104, Connection Reset by Peer error. Below is the screenshot of the log.

We deployed the same AWS and GCP and it is working fine except in client environment.  

We did a curl to the URL from the client server and it is working fine. Also the same URL is used in Splunk by our client in other Apps.

Can someone kindly help us here. We burned our all our debugging options. 

image001.jpg

 

 

 

 

Labels (4)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎06-12-2020 12:16 AM

Does the customer have an outbound firewall/security group that could be blocking the connection, or a transparent proxy that is filtering/blocking the traffic?

If you're using SplunkCloud and connecting to a port other than 443 then you might need to request that it be opened up by CloudOps via a support ticket.

 

Tags (1)
0 Karma
Reply

loginsoft
Loves-to-Learn Lots
‎06-12-2020 12:25 AM

Thanks @livehybrid  for the reply.

Our customer is using on-prem instance. Also we queried the URL using wget command in splunk. It is working with wget. So now, will it be still issue with Firewall/Security Group/Filtering? 

 

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎06-12-2020 01:12 AM

In that case its unlikely to be firewall related!

The other thing I was wondering is could it be connecting on the wrong protocol? e.g. can you confirm that you're connecting with HTTPS if the endpoint is HTTPS? 

The other thing to check for is any proxies in the way that you might not go through when testing in the CLI - its worth checking in server.conf for a [proxyConfig] stanza, and in /opt/splunk/etc/splunk-launch.conf for any environment variable setting of proxies.

 

0 Karma
Reply

loginsoft
Loves-to-Learn Lots
‎06-12-2020 01:18 AM

@livehybrid  yes it is Https to Https call. Will check the config stanza and get back to you.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...