Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Large number of errors processing data from forwarders over SSL

nurtdi
Path Finder
‎04-13-2011 08:28 PM

The data is being indexed, but a lot of errors in splunkd.log

this is a snippet of log after running splunk indexer in debug mode:

04-13-2011 15:54:08.135 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:2744. Success
04-13-2011 15:54:08.135 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.135 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=2744, statusee=                    TcpInputProcessor
04-13-2011 15:54:08.135 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:3473. Success
04-13-2011 15:54:08.135 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.135 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=3473, statusee=                    TcpInputProcessor
04-13-2011 15:54:08.342 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.342 INFO  StatusMgr - destPort=9997, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=61588, statusee=T                    cpInputProcessor
04-13-2011 15:54:08.399 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.553 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:2575. Success
04-13-2011 15:54:08.553 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.553 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=2575, statusee=                    TcpInputProcessor

Thank you, Ildus

Reply

jkerai
Splunk Employee
Splunk Employee
‎04-17-2011 10:58 PM

Unfortunately this is a bug and we are trying to identify root cause.

0 Karma
Reply

Jeremiah
Motivator
‎05-04-2011 04:17 PM

Any update?

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...
Top