eNcore + 6.2.2 solved our issue. However we still struggle with finding the multi-processor settings for eNcore. eNcore runs as a single thread, not sure how to make it multi processor. we configured our HF just to do this.
... View more
This issue seems to be resolved. I had upgraded sa-ldapsearch to 2.1.3, but that didn't fix the problem. Then I upgraded splunk to 6.4.0 and didn't think it had resolved the issue, but didn't realize that the scheduled search using this connection had been disabled. When I got back around to troubleshooting this issue, I re-enabled it and everything now works as expected. Not an answer, but at least resolution!
... View more
Hi jkleensang! Thank you for reporting this. I've applied the fix and repackaged SUM under v1.3.1 on Splunkbase.
You may find the updated version here: https://splunkbase.splunk.com/app/2678/#/overview
... View more
To add some detail to this, I had this error until I set all traffic destined to 127.0.0.1 to skip MASQUERADE. The new iptables rule immediately fixed the error, no service restart required.
iptables -I POSTROUTING 1 -t nat -d 127.0.0.1 -j ACCEPT
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 600 ACCEPT all -- * * 0.0.0.0/0 127.0.0.1
5710K 580M MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
... View more