My first case to this community, as I am relatively new to Splunk detailing, would be the following:
I am encountering "External search command 'sendfile' returned error code 1." for the search below.
The savedsearch returns the correct results when run independently, but the output is always the same when trying to send an automated report running the job described. Worth mentioning that if I sample the results, the report is sent; otherwise Splunk spits the error I am facing.
I have checked the certificate presented by my HEC, and it is valid, by running openssl s_client -connect your.splunk.hec.server:8088 as described in TCPDUMP-Command, and the certificates are self-signed, as "No client certificate CA names sent" is returned.