Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can see lot of ERROR messages in universal forwarders

kiranpanchavat1
Path Finder
‎10-27-2021 11:14 PM

ERROR TcpInputProc - Message rejected. Received unexpected message of size=369295616 bytes from src=xxxx:xxxx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-27-2021 11:25 PM

Can you check that you are not sending e.g. some tcp feed to splunk-tcp port which are expecting S2S protocol. There should be separate ports for other than S2S traffic defined one per different protocols.

0 Karma
Reply

kiranpanchavat1
Path Finder
‎10-27-2021 11:28 PM

@isoutamo 


We created separate inputs.conf for SSL 

cat inputs.conf
[splunktcp-ssl:9997]
disabled=0

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-27-2021 11:35 PM

Have you defined on both side (UF and Indexer) that port the same way and also use the same certs etc?

Have you a separate port for splunktcp or are you using only splunktcp-ssl? You cannot mix that traffic to one port.

r. Ismo

0 Karma
Reply

kiranpanchavat1
Path Finder
‎10-27-2021 11:37 PM

@isoutamo Will check those configs and let you know 

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...