Splunk Dev

splunk validate cluster-bundle throws error "invalid key in stanza [SSL]" when i set useClientSSLCompression = true

robgarner
Path Finder

Hi -

I'm configuring a TLS listener on an index cluster. Given this inputs.conf:

[splunktcp://50514]
queueSize = 100MB

[splunktcp-ssl://9998]
disabled = 0

[SSL]
serverCert    = /opt/splunk/etc/auth/certs/my_cert.pem
sslVersions   = tls1.2
useClientSSLCompression = true
requireClientCert       = false

why do I get the error "[Not Critical] Invalid key in stanza [SSL] in /opt/splunk/etc/master-apps/my_app/local/inputs.conf, line 10: useClientSSLCompression (value: true)" when i run 'splunk show cluster-bundle-status' ?

According to https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/ConfigureSplunkforwardingtousesignedcert... "useClientSSLCompression" is a valid key in the SSL stanza in "inputs.conf" on an indexer.

Thanks,
-Rob

Tags (1)
0 Karma

roden
Loves-to-Learn Lots

Per the link you provided, useClientSSLCompression is part of the [tcpout] stanza, not the [SSL] stanza:

https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/ConfigureSplunkforwardingtousesignedcert...

0 Karma

hardikJsheth
Motivator
0 Karma

robgarner
Path Finder

While I appreciate your suggestion, I don't think it's correct, or perhaps there are multiple errors in the docs. I'm configuring clustered indexers. The link I included specifically states that the key and stanza belong in "inputs.conf" on the indexer. The documentation you linked to for "outputs.conf" says:

"Forwarders require outputs.conf; non-forwarding Splunk instances do not use it. It determines how the forwarder sends data to receiving Splunk instances, either indexers or other forwarders."

But thank you for finding the links and including them so I could review.
-Rob

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...