Monitoring Splunk

Message rejected .Recevd unexpected 1532714272 byte message! ...

xsstest
Communicator

I am monitor a log file on data source server[IP :172.1.1.100] via UF.then sent it to a middle forwarder(Due to limited network access,I must need a middle forwarder). then middle forwarder forward it to cluster indexer.But my indexer did not receive any logs.I'm checked for _internal. get the followling error:

'TcpInputProc’ Message rejected .Recevd unexpected 1532714272 byte message! from src=172.1.1.100:42613 ,Maxinum message allowed:67108864.(::)

The following is inputs.conf and outputs.conf on data source server

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/inputs.conf

[monitor:///data/www/logs/paycloud-app.log]
index=tomcat
sourcetype=tomcat_paycloud-app

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/outputs.conf

[tcpout:indexer1]
server=172.21.1.111:9997
[tcpout]
defaultGroup = indexer1

The following is inputs.conf and outputs.conf on middle forwarder

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/inputs.conf

[splunktcp://9997]
host=connection_ip

cat /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/local/outputs.conf

[indexer_discoverty:master1]
pass4SymmKey=123qwe!@#
master_uri=https://172.21.2.106

[tcpout:group1]
autoLBFrequency = 30
forceTimebasedAutoLB = true
indexerDiscovery = master1
useACK = true

Q: I confirmed the network is fully available.But why I do not receive any log?

Tags (1)
0 Karma

xsstest
Communicator

Does anyone know the answer?

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...