Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Log fetching issues - Http event collector

krvamsireddy
Explorer
‎09-15-2020 05:29 AM

Hi ,we created a token and shared with the enduser to configure and send the logs on secure https.

if i run the curl command then it is successful for first 2 or 3  times after that i am facing the 
OpenSSL SSL_connect : SSL_ERROR_SYSCALL  issue and again in middle of i see some success messages.  how to find the root cause for this problem.

krvamsireddy_0-1600172798757.png

 

Labels (1)
Labels
0 Karma
Reply

krvamsireddy
Explorer
‎09-15-2020 06:24 AM

i tried with curl -v got some details like - If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate

krvamsireddy_0-1600176239130.png

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-15-2020 06:42 AM

Did you try

curl -v -k ...

so at least the certificate verification is switched off - alternatively, add the CA certificate to your trust store.

Interesting that it works sometimes and not others. Do you have multiple splunk servers (behind a load balancer perhaps)? 

0 Karma
Reply

krvamsireddy
Explorer
‎09-24-2020 06:40 AM

we are forwarding the data directly to search head from there it will move to indexer and we have 2 indexers

alternatively, add the CA certificate to your trust store - where to add at client or in splunk ?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-15-2020 05:40 AM

You could try adding the verbose option to curl

curl -v ...

and see what other information you can find out 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...