The structure is designed as a search head cluster with 3 search heads, and one of them has some errors as shown below (the rest of them operate normally).
When users access port 8000, it displays the following XML:
This xml file does not appear to have any style information associated with it. This document tree is shown below.
<msg type="ERROR">Connection reset by peer </msg>
Along with the above message, when users check splunkd.log on the search head where the error occurred, it displays the following two logs:
WARN HttpListener - Socket error from x.x.x.x:51229 while idling: error 14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='certificate unknown'.
-------------------------------------------------------------------
Even when users restart the affected search head instance, port 8000 does not open immediately but requires some time to open. However, the web doesn’t operate properly due to the mentioned phenomenon.
Also, in this situation with port 8000, the following log can be found in splunkd.log:
ERROR HttpClientRequest - HTTP client error=Connection reset by peer while accessing server=http://127.0.0.1:8065 for request=http://127.0.0.1:8065/ko-KR/.
-------------------------------------------------------------------
How can we resolve this error?
Have you enabled SSL with
Any luck with this? I am having the same issue from a cloud provider sending in a HEC string...
We are running into the same issue - did you ever figure it out?
bump