Hi Team,    We are noticing suddenly started noticing these errors in splunkd log. Any idea what could cause these ? We didnt make any changes to the splunkforwarder app.    06-01-2023 20:40:19.027 -0700 ERROR AwsSDK [4839 ExecProcessor] - CurlHttpClient Curl returned error code 28 - Timeout was reached 06-01-2023 20:40:19.027 -0700 ERROR AwsSDK [4839 ExecProcessor] - EC2MetadataClient Http request to retrieve credentials failed 06-01-2023 20:40:20.029 -0700 ERROR AwsSDK [4839 ExecProcessor] - CurlHttpClient Curl returned error code 28 - Timeout was reached 06-01-2023 20:40:20.029 -0700 ERROR AwsSDK [4839 ExecProcessor] - EC2MetadataClient Http request to retrieve credentials failed 06-01-2023 20:40:20.029 -0700 ERROR AwsSDK [4839 ExecProcessor] - EC2MetadataClient Can not retrive resource from http://169.254.169.254/latest/meta-data/placement/availability-zone ... View more

Hi Guys... Post upgrade of Splunk to v9, we are noticing errors when invoking external endpoints using curl command. We are receiving a 400 response from the external endpoints. No changes have been made at either of the places and the only change is upgrading Splunk version to v9. We tried to re-create the issue on Postman and found that these errors occur when we do not pass wither the Content-Length and host in the header. How do we check if these details are being passed by curl. Anyone else faced similar issues ? Any suggestion on how to work around it ? We are not seeing any SSL error. We are able to get a response fro with the endpoint if we are accessing services available using GET method. We are having issues only we use POST method   We are using Splunk v9, webtools 2.0.2.  Thanks Vik ... View more

Hi guys... I have a splunk forwarder instance v8.2.1 on a AIX server. I have a custom app configured on which I am monitoring a few logs and forwarding them to an indexer.  I am having a weird problem where the forwarder stops sending data every day at 1 PM and resumes sending data feed at 1 AM. So, I would have no data consumed between 1 PM to 1AM. Any suggestions on what could be the issue ?  However, I am also forwarding splunkd.log to the same indexers and I see that log data all thru the day. The issue I am facing is only with one of the custom app I have on this instance.  I am sharing inputs.conf and props.conf entries  ========== inputs.conf ========= [monitor:///log/mycustomereport/mycustomereport.log*] disabled = false followTail = 0 sourcetype =mycustomereport blacklist = \.gz index = 20000_java_app_idx ignoreOlderThan=2h ========== props.conf ========= [mycustomereport] TIME_PREFIX=\w+\| TIME_FORMAT=%m/%d/%Y %I:%M:%S %3Q %p TRUNCATE = 0 MAX_EVENTS = 10000 SHOULD_LINEMERGE = false KV_MODE = none LINE_BREAKER = ([\n\r]+)mycustomereport MAX_TIMESTAMP_LOOKAHEAD = 40 PS: I do see that log file I am monitoring is having data written to it consistently.  I did enable debug logs... i dont see anything written which could helped me understand the issue. I also dont see any crash file generated.  ... View more

I am trying to hit a URL from splunk using curl command. The end point needs an header to be passed with the key values as "X-User-ID". I am passing the value as below but I still get an error message stating that the value is not passed in the header. Can you help me understand if my query is incorrect.  | eval header="{\"X-User-ID\": \"myuserid\"}" | curl method=get headerfield=header uri="https://domainname/getstatusData?startTime=2021-07-07%2008:50:00&endTime=2021-07-07%2012:50:00&authenticationBearer=na" debug=true curl message: "message":"Missing request header \u0027X-User-ID\u0027 for method parameter of type String" I am able to invoke this from POSTMAN without any issues.  ... View more