Just stop the script and rm the *.run files in the apps var/run directory. Then start it again. The subscription id refers to some internal mechanism that supposedly helps the ips to remember which events you already fetched.. ... View more

The best workaround for this issue I've found is to proxy your request through socat like so: socat TCP-LISTEN:1212,fork,reuseaddr OPENSSL-CONNECT:somesplunk-instance:8089,verify=0,cert=somecert.pem And then calling splunk like so: ./bin/splunk list monitor -uri http://localhost:1212 ... View more

You would define two different stanzas in inputs.conf on the heavyfwd boxes. Use port xxxx for CA1-signed clients and port yyyy for CA2-signed clients. ... View more

This error happens when the subscription id for some reason is no longer valid on the device end. You need to delete your x.x.x.x.run file(s) and allow the script to attempt to open a new session without an existing subscription id. ... View more