Getting Data In

How to resolve "tcp-rst-from-server" & "tcp-rst-from-client" errors?

yossefn
Path Finder

Hi, 

I'm trying to collect logs from web servers, but I'm getting an error on the firewall that says "tcp-rst-from-server" on port 9997. Also, I have another error, "tcp-rst-from-client", on port 8089.

I have to say that there are other servers in the same VLAN that I'm getting logs from. 

Where can I look to solve the problem?

0 Karma

sbaror11
Explorer

Is it a question about Splunk or about the web servers? 

TCP reset from client or from server is a layer-2 error which refers to an application-layer-related event.

It can be described as "the client or server terminated the session but I don't know why"

You can look at the application (http/https) logs to see the reason. 

0 Karma

yossefn
Path Finder

Hi @sbaror11

The question is about Splunk - I wondered if maybe Splunk somehow denied the connection, or whether I missed some configuration that is preventing me from getting the logs.

I had a kind of issue with "aged-out" errors in the FW logs, then I figured out that the local FW on the Splunk servers denied the connection.

0 Karma

kgalibert
New Member

Hi,

Have you found your solution?

I have the same issue between a UF on Windows server AD and a UF Relay.

Thanks

0 Karma