Splunk versions being used:
Splunk Server 1 = Version 8.2.7
Splunk Server 2 = Version 8.1.1
Background:
I created a service which monitors different folders for incoming data. When a user places new data into one of the folders, Splunk SPL creates a tailored message for the Virtual Machine (VM) to move the data. If message is received by VM, the VM sends the data through a TCP port to another service which verifies the data. If verified, the data will go straight to the Splunk servers via TCP/IP.
Issue:
When I updated one of the servers, my whole data transfer process described above stopped working. My services cannot communicate with the VM anymore.
Error Generated in Splunk Logs:
1. "It seems the Splunk default certificates are being used. If certificate validation is turned on using the default certificated (not recommended), results in loss of communication in mixed-version Splunk upgrades."
2. "Splunk's properly implemented crypto code resulted in the ciphertext being rejected instead of decrypted when AAD validation failed."
Summary of Question:
Since two different versions of Splunk are running, is it affecting the Splunk SPL ability to send a message to the VM/why my VM is not communicating/working anymore?
Thank you.
Open a support case.
Okay, thank you!!!
Update on Error: My TCP is unable to connect to the other computer
"Error TcpOutFd - Connection to host failed, host refused it.