Hi,guys
I found that the data transmitted by my security device was inconsistent with the amount searched on search. When I checked the cause, I found a large number of similar error logs in splunkd.log file of Indexer server, and the error contents were as follows:
(08-10-2022 18:01:52.492 +0800 ERROR HttpInputDataHandler - Failed processing HTTP input, token name=****_traffic, Channel =n/a, source_IP=1*.*.*, reply=10, events_processed=0, http_input_body_size=2014),
what is the cause of this and how can I solve this problem?
Thank you for any help, every suggestion may be very helpful to me.
thank you!