Hi ,we created a token and shared with the enduser to configure and send the logs on secure https.
if i run the curl command then it is successful for first 2 or 3 times after that i am facing the
OpenSSL SSL_connect : SSL_ERROR_SYSCALL issue and again in middle of i see some success messages. how to find the root cause for this problem.
i tried with curl -v got some details like - If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate
Did you try
curl -v -k ...
so at least the certificate verification is switched off - alternatively, add the CA certificate to your trust store.
Interesting that it works sometimes and not others. Do you have multiple splunk servers (behind a load balancer perhaps)?
we are forwarding the data directly to search head from there it will move to indexer and we have 2 indexers
alternatively, add the CA certificate to your trust store - where to add at client or in splunk ?
You could try adding the verbose option to curl
curl -v ...
and see what other information you can find out