Getting Data In

Getting errors in logs when forwarding data from one indexer to another in a different environment.

sdkp03
Communicator

I have Splunk set up in 2 different environments. Splunk in environment A is accessible to all users. Splunk in environment B is accessible to limited users. Data in environment B is indexed into multiple indexes.  I want data from index A to be forwarded to the indexer of Splunk in environment A. I have modified outputs.conf of indexer in Splunk B with below values:

[tcpout]
indexAndForward = true
forwardedindex.filter.disable = false
forwardedindex.2.whitelist = os_abc
forwardedindex.0.blacklist = history
forwardedindex.1.blacklist = main
forwardedindex.2.blacklist = os_cde
forwardedindex.3.blacklist = summary
[tcpout:ostravam]
disabled = false
server = hostip:port

Error from logs from the indexer server as mentioned below:

07-21-2020 00:45:57.221 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer
07-21-2020 00:45:57.221 -0400 WARN TcpOutputProc - Applying quarantine to ip=10.145.243.21 port=9997 _numberOfFailures=2
07-21-2020 00:45:57.224 -0400 INFO ProxyConfig - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.

Error from logs of the server I was connecting to:

07-21-2020 15:39:48.975 +1000 ERROR TcpInputProc - Error encountered for connection from src=10.87.238.134:35248.
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
07-21-2020 15:39:48.979 +1000 ERROR TcpInputProc - Error encountered for connection from src=10.87.238.134:35250.
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Is there anything that could assist me in getting around this?

Labels (1)
0 Karma
1 Solution

sdkp03
Communicator

Got this resolved by using client certificate

View solution in original post

0 Karma

sdkp03
Communicator

Got this resolved by using client certificate

0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...