Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

After installing a new UF, why is it not forwarding logs to the Indexers?

u2s1e0n2
New Member
‎05-10-2018 10:30 AM 
05-10-2018 15:13:13.954 +0000 ERROR TcpOutputProc - Error initializing SSL context - invalid sslCertPath for server 45.125.XXX.X:9997
05-10-2018 15:13:13.959 +0000 ERROR SSLCommon - Can't read key file /opt/splunkforwarder/etc/auth/server.pem errno=151429224 error:0906A068:PEM routines:PEM_do_header:bad password read.

I just installed a new UF but it's not forwarding logs to the Indexers and the $SPLUNKHOME /var/log/splunk/splunkd.log shows the error message above. The IP in the error message is that of the Indexer: It is connecting to the Deployment Server and getting configs but not sending logs to the Indexers.
I need help understanding what is happening. I have reinstalled the UF but still got the same error messages.

The certs are default Splunk certs

Thanks

0 Karma
Reply

xpac
SplunkTrust
SplunkTrust
‎05-10-2018 03:51 PM

Please check if /opt/splunkforwarder/etc/auth/server.pem exists and can be read by the user Splunk runs at it. Have you modified it, or the password used for it? Does your outputs.conf contain a special sslCertPath settings for your indexers? If yes, check that file too.

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...