Re: Log fetching issues - Http event collector

krvamsireddy · ‎09-15-2020

Hi ,we created a token and shared with the enduser to configure and send the logs on secure https.

if i run the curl command then it is successful for first 2 or 3 times after that i am facing the
OpenSSL SSL_connect : SSL_ERROR_SYSCALL issue and again in middle of i see some success messages. how to find the root cause for this problem.

krvamsireddy · ‎09-15-2020

i tried with curl -v got some details like - If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate

ITWhisperer · ‎09-15-2020

Did you try

curl -v -k ...

so at least the certificate verification is switched off - alternatively, add the CA certificate to your trust store.

Interesting that it works sometimes and not others. Do you have multiple splunk servers (behind a load balancer perhaps)?

krvamsireddy · ‎09-24-2020

we are forwarding the data directly to search head from there it will move to indexer and we have 2 indexers

alternatively, add the CA certificate to your trust store - where to add at client or in splunk ?

ITWhisperer · ‎09-15-2020

You could try adding the verbose option to curl

curl -v ...

and see what other information you can find out

Log fetching issues - Http event collector

HTTP Event Collector

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor