- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- splunk validate cluster-bundle throws error "inval...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunk validate cluster-bundle throws error "invalid key in stanza [SSL]" when i set useClientSSLCompression = true
Hi -
I'm configuring a TLS listener on an index cluster. Given this inputs.conf:
[splunktcp://50514]
queueSize = 100MB
[splunktcp-ssl://9998]
disabled = 0
[SSL]
serverCert = /opt/splunk/etc/auth/certs/my_cert.pem
sslVersions = tls1.2
useClientSSLCompression = true
requireClientCert = false
why do I get the error "[Not Critical] Invalid key in stanza [SSL] in /opt/splunk/etc/master-apps/my_app/local/inputs.conf, line 10: useClientSSLCompression (value: true)" when i run 'splunk show cluster-bundle-status' ?
According to https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/ConfigureSplunkforwardingtousesignedcert... "useClientSSLCompression" is a valid key in the SSL stanza in "inputs.conf" on an indexer.
Thanks,
-Rob
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Per the link you provided, useClientSSLCompression is part of the [tcpout] stanza, not the [SSL] stanza:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This stanza is there in the outputs.conf and not in inputs.conf.
http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Inputsconf
https://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Outputsconf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While I appreciate your suggestion, I don't think it's correct, or perhaps there are multiple errors in the docs. I'm configuring clustered indexers. The link I included specifically states that the key and stanza belong in "inputs.conf" on the indexer. The documentation you linked to for "outputs.conf" says:
"Forwarders require outputs.conf; non-forwarding Splunk instances do not use it. It determines how the forwarder sends data to receiving Splunk instances, either indexers or other forwarders."
But thank you for finding the links and including them so I could review.
-Rob
Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...
Troubleshooting the OpenTelemetry Collector
Adoption of Infrastructure Monitoring at Splunk
