Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Connection from UF to Deployment Server: SSL issue

d4wc3k
Path Finder
‎02-03-2021 07:37 AM

Hello everyone

I have linux server machine  (CentOS 7) where Splunk universal ( version 8.0.3 ) has been installed
After installation of agent there was deployed app for connecting on deployment server.
Unfortunately machine is not visible in DS, First I have checked if dns name of DS can be resolved there and if host can communicate with DS on 8089 dest port at all with telnet program. There were not find any issues.
I decided to look at internal splunk logs by following search:
index=_internal earliest=-20d@d latest=now hostname OR x.x.x.x sourcetype=splunkd
( where x.x.x.x is IP of linux server)
I could see following warning there:
"
02-03-2021 08:04:09.080 +0100 WARN HttpListener - Socket error from x.x.x.x:13258 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version numb
"
My question can that error be related to problem with connection between linux server and DS ?
If yes, how i can resolve that issue.

On DS i have installed following version of Splunk:
Splunk 7.2.0 (build 8c86330ac18)

Thanks in advance for your help

BR
Dawid

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-03-2021 10:06 AM

Hi

at least indexers must be at same version or greater than UFs. So I propose that you must update your DS to the newer version. It must be a Linux version as you have other than windows UFs in use. If you have separate LM then also that must be a highest version in use.

r. Ismo

0 Karma
Reply

d4wc3k
Path Finder
‎03-15-2021 08:19 AM

Hi

Thanks for answer.
I don't think so that i should do this.
I have other machines which are using newer UF and they are working without any problems.

BR
Dawid

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...