Log fetching issues - Http event collector

krvamsireddy · ‎09-15-2020

Hi ,we created a token and shared with the enduser to configure and send the logs on secure https.

if i run the curl command then it is successful for first 2 or 3 times after that i am facing the
OpenSSL SSL_connect : SSL_ERROR_SYSCALL issue and again in middle of i see some success messages. how to find the root cause for this problem.

krvamsireddy · ‎09-15-2020

i tried with curl -v got some details like - If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate

ITWhisperer · ‎09-15-2020

Did you try

curl -v -k ...

so at least the certificate verification is switched off - alternatively, add the CA certificate to your trust store.

Interesting that it works sometimes and not others. Do you have multiple splunk servers (behind a load balancer perhaps)?

krvamsireddy · ‎09-24-2020

we are forwarding the data directly to search head from there it will move to indexer and we have 2 indexers

alternatively, add the CA certificate to your trust store - where to add at client or in splunk ?

ITWhisperer · ‎09-15-2020

You could try adding the verbose option to curl

curl -v ...

and see what other information you can find out

Log fetching issues - Http event collector

HTTP Event Collector

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!