Getting Data In

Log fetching issues - Http event collector

krvamsireddy
Explorer

Hi ,we created a token and shared with the enduser to configure and send the logs on secure https.

if i run the curl command then it is successful for first 2 or 3  times after that i am facing the 
OpenSSL SSL_connect : SSL_ERROR_SYSCALL  issue and again in middle of i see some success messages.  how to find the root cause for this problem.

krvamsireddy_0-1600172798757.png

 

Labels (1)
0 Karma

krvamsireddy
Explorer

i tried with curl -v got some details like - If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate

krvamsireddy_0-1600176239130.png

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Did you try

curl -v -k ...

so at least the certificate verification is switched off - alternatively, add the CA certificate to your trust store.

Interesting that it works sometimes and not others. Do you have multiple splunk servers (behind a load balancer perhaps)? 

0 Karma

krvamsireddy
Explorer

we are forwarding the data directly to search head from there it will move to indexer and we have 2 indexers

alternatively, add the CA certificate to your trust store - where to add at client or in splunk ?

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

You could try adding the verbose option to curl

curl -v ...

and see what other information you can find out 

0 Karma
Get Updates on the Splunk Community!

Set Up More Secure Configurations in Splunk Enterprise With Config Assist

This blog post is part 3 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...