
Why are AWS ELB Health Checks not working properly after upgrading to Splunk 6.6.0?

eandresen
Path Finder

I am having some issues specifically with the Splunk 6.6.0 version and my AWS ELB health checks not going healthy. I wanted to see if it is a one-off issue or others were having the same problems before I open up a Splunk Enterprise Support Case.

The problem: I have a proof-of-concept environment set up within one of our AWS accounts and recently upgraded it from v6.5 to v6.6.0 to test it out before deploying it. Post upgrade, the following health check, which was working fine prior to the upgrade, is no longer working.

I have attempted to remove the nodes from the original ELB and add them back into it without any luck. I have also deleted the original ELB and re-created it with the same settings as before the upgrade without any luck.

There are only two ways I can get the health check to work properly. The first one is when I change the health check over to TCP:443 instead of HTTPS:443 and the nodes flip over to InService. That is not an option I want to use as it only watches for a listening port and not that Splunk is running. The second one is if I put Splunk v6.3 or v6.5 instances into the same ELB and those nodes will flip over to InService.

As a side note, the exact same health check works fine in an Application ELB but not with the Classic ELB. The problem with that option is we cannot get it working for the Splunk API, another project for later.

Any thoughts? Thanks in advance for the help!

1 Solution

vliggio
Communicator

Splunk removed the TLS1.2 cipher from web.conf, which breaks the ELB health check and SSL termination. Not sure if it's something that AWS needs to fix as well (as in support the stronger ciphers on the backend SSL connections), but in the meantime, add the following to your local web.conf in the location of your choice:

local/web.conf
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:TLSv1.2+HIGH:@STRENGTH

6.5.x setting:

/opt/splunk/etc/system/default/web.conf
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

6.6.x setting:

/opt/splunk/etc/system/default/web.conf
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
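
What the override re-enables compared with the 6.6.x default can be checked offline by expanding the cipherSuite strings quoted above with the local OpenSSL. This is an added example, not part of the original answer or Splunk's own code; the function names are made up for illustration, and the result depends on the OpenSSL build Python links against, which may differ from the one bundled with Splunk.

```python
import ssl
from collections import Counter

# cipherSuite values quoted in the answer above.
V65_DEFAULT = "TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH"
V66_DEFAULT = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
)
LOCAL_OVERRIDE = V66_DEFAULT + ":TLSv1.2+HIGH:@STRENGTH"


def expand(cipher_string):
    """Map suite name -> OpenSSL metadata for the TLS <= 1.2 suites selected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately in OpenSSL and always listed.
    return {c["name"]: c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def added_by(new, old):
    """Suites that `new` enables and `old` does not, sorted by name."""
    old_names = expand(old)
    return sorted(name for name in expand(new) if name not in old_names)


def key_exchange_counts(cipher_string):
    """Count enabled suites per key-exchange family as reported by OpenSSL."""
    suites = expand(cipher_string).values()
    return Counter(c.get("kea", "kx-unknown") for c in suites)


if __name__ == "__main__":
    settings = [
        ("6.5.x default", V65_DEFAULT),
        ("6.6.x default", V66_DEFAULT),
        ("local override", LOCAL_OVERRIDE),
    ]
    for label, value in settings:
        print(f"{label}: {dict(key_exchange_counts(value))}")
    print("re-enabled by the override:")
    for name in added_by(LOCAL_OVERRIDE, V66_DEFAULT):
        print("  ", name)
```

Names in the last list without a DHE or ECDHE prefix use plain RSA key exchange and so lack forward secrecy, which is worth knowing before keeping the override long term.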
