
Why is curl search giving an error after upgrading Splunk to 7.2.4?

Builder

Hi,
After upgrading Splunk to 7.2.4, one curl search that was working perfectly in version 6.5.3 doesn't work anymore.
The result is
curl: (35) TCP connection reset by peer

I have tried using -k in the call, also specifying the SSL version with --tlsv1.2, and also updating openssl. But none of them have solved the problem.

Any idea how to solve this problem? The thing is that even a simple query returns the same message.

Thanks in advance

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Ultra Champion

Are you performing this curl from Splunk to a remote webservice, or from another system to Splunk?
It might help if you can post the full curl statement (remove anything sensitive)

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Builder

curl -k -u admin:xxxxxxx --data-urlencode 'search=|savedsearch xxxxxxxx' -d output_mode=csv https://localhost:8089/servicesNS/admin/xxxxxxx/search/jobs/export

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Ultra Champion
0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Builder

curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3

But still have the same problem

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Ultra Champion

Try curl -k -v https://localhost:8089 and post the top of the response (remove anything sensitive)

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Builder

CONNECT localhost:8089 HTTP/1.1
Host: localhost:8089
User-Agent: curl/7.29.0
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Ultra Champion

That looks very much like a firewall or something is dumping the connection.
Any chance you have a local FW?

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Builder

The firewall is disabled

systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

0 Karma

Re: Why is curl search giving an error after upgrading Splunk to 7.2.4?

Ultra Champion

Wait - can't believe I missed this:
can you run echo $https_proxy
and maybe echo $http_proxy

0 Karma
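The verbose output earlier in the thread shows curl sending `CONNECT localhost:8089` to a proxy, which is what the proxy-variable question above is probing. The following is an added example, not part of the thread: a shell check that approximates curl's documented handling of `https_proxy`/`all_proxy` and `no_proxy` for an https:// target. The function names and the default host are assumptions made for the example.

```shell
#!/bin/sh
# Added example: approximates curl's documented proxy environment handling
# for https:// URLs (lowercase variable names take precedence).

# host_in_no_proxy HOST LIST -> exit 0 if HOST is exempted by the no_proxy LIST
host_in_no_proxy() {
    host=$1
    old_ifs=$IFS
    IFS=','
    set -f                                   # keep a literal '*' entry from globbing
    for entry in $2; do
        entry=$(printf '%s' "$entry" | tr -d ' ')
        entry=${entry#.}                     # ".corp.example" == "corp.example"
        [ -z "$entry" ] && continue
        case $entry in
            '*') IFS=$old_ifs; set +f; return 0 ;;   # '*' disables the proxy everywhere
        esac
        case $host in
            "$entry"|*".$entry") IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# effective_https_proxy HOST -> prints the proxy curl would tunnel through, or nothing
effective_https_proxy() {
    proxy=${https_proxy:-${HTTPS_PROXY:-${all_proxy:-${ALL_PROXY:-}}}}
    [ -z "$proxy" ] && return 0
    if host_in_no_proxy "$1" "${no_proxy:-${NO_PROXY:-}}"; then
        return 0
    fi
    printf '%s\n' "$proxy"
}

# check_target HOST -> one-line report for the operator
check_target() {
    p=$(effective_https_proxy "$1")
    if [ -n "$p" ]; then
        echo "$1: curl will send CONNECT via $p (exempt it with no_proxy or --noproxy)"
    else
        echo "$1: curl will connect directly"
    fi
}

check_target "${1:-localhost}"   # the thread's target host is localhost (port 8089)
```
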