Getting Data In

Getting errors in logs when forwarding data from one indexer to another in a different environment.

sdkp03
Path Finder

I have Splunk set up in 2 different environments. Splunk in environment A is accessible to all users. Splunk in environment B is accessible to limited users. Data in environment B is indexed into multiple indexes.  I want data from index A to be forwarded to the indexer of Splunk in environment A. I have modified outputs.conf of indexer in Splunk B with below values:

[tcpout]
indexAndForward = true
forwardedindex.filter.disable = false
forwardedindex.2.whitelist = os_abc
forwardedindex.0.blacklist = history
forwardedindex.1.blacklist = main
forwardedindex.2.blacklist = os_cde
forwardedindex.3.blacklist = summary
[tcpout:ostravam]
disabled = false
server = hostip:port

Error from logs from the indexer server as mentioned below:

07-21-2020 00:45:57.221 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer
07-21-2020 00:45:57.221 -0400 WARN TcpOutputProc - Applying quarantine to ip=10.145.243.21 port=9997 _numberOfFailures=2
07-21-2020 00:45:57.224 -0400 INFO ProxyConfig - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.

Error from logs of the server I was connecting to:

07-21-2020 15:39:48.975 +1000 ERROR TcpInputProc - Error encountered for connection from src=10.87.238.134:35248.
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
07-21-2020 15:39:48.979 +1000 ERROR TcpInputProc - Error encountered for connection from src=10.87.238.134:35250.
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Is there anything that could assist me in getting around this?

Labels (1)
0 Karma
1 Solution

sdkp03
Path Finder

Got this resolved by using client certificate

View solution in original post

0 Karma

sdkp03
Path Finder

Got this resolved by using client certificate

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...