Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can see lot of ERROR messages in universal forwarders

kiranpanchavat1
Path Finder
‎10-27-2021 11:14 PM

ERROR TcpInputProc - Message rejected. Received unexpected message of size=369295616 bytes from src=xxxx:xxxx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-27-2021 11:25 PM

Can you check that you are not sending e.g. some tcp feed to splunk-tcp port which are expecting S2S protocol. There should be separate ports for other than S2S traffic defined one per different protocols.

0 Karma
Reply

kiranpanchavat1
Path Finder
‎10-27-2021 11:28 PM

@isoutamo 


We created separate inputs.conf for SSL 

cat inputs.conf
[splunktcp-ssl:9997]
disabled=0

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-27-2021 11:35 PM

Have you defined on both side (UF and Indexer) that port the same way and also use the same certs etc?

Have you a separate port for splunktcp or are you using only splunktcp-ssl? You cannot mix that traffic to one port.

r. Ismo

0 Karma
Reply

kiranpanchavat1
Path Finder
‎10-27-2021 11:37 PM

@isoutamo Will check those configs and let you know 

0 Karma
Reply
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...