i am getting 2 different errors on my Splunk server - please see attached for errors, unsure what is wrong
thanks for all your help
Hi rsingh!
The tcpInputProc error about unknown protocol is usually due to the forwarder using a version of ssl that the indexer restricts..
Check the server.conf as per this doc:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/SetyourSSLversion
Or ensure the certs being used are ok.
You can ensure your UF uses the right ssl version with sslVersions in outputs.conf
https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Outputsconf
Your second error is simply search activity that contains the string error in it. You can filter that put by only searching source=*splunkd.log
Hi rsingh!
The tcpInputProc error about unknown protocol is usually due to the forwarder using a version of ssl that the indexer restricts..
Check the server.conf as per this doc:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/SetyourSSLversion
Or ensure the certs being used are ok.
You can ensure your UF uses the right ssl version with sslVersions in outputs.conf
https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Outputsconf
Your second error is simply search activity that contains the string error in it. You can filter that put by only searching source=*splunkd.log
thanks mmodestino - i think i resolved the previous errors but now i am getting a new one
ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-perfmon.exe"" splunk-perfmon - OutputHandler::composeOutput: Counter is not found: Page Faults/sec
thanks i fixed it
Awesome! Glad you are up and working!
Could you share what you did to resolve the issue so that future readers can benefit?
makes sure - i was able to click on the error itself and it showed me which server was having the error. looks like the server had an old output.conf splunk server
thanks again