Large number of errors processing data from forwar...

nurtdi · ‎04-13-2011

The data is being indexed, but a lot of errors in splunkd.log

this is a snippet of log after running splunk indexer in debug mode:

04-13-2011 15:54:08.135 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:2744. Success
04-13-2011 15:54:08.135 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.135 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=2744, statusee=                    TcpInputProcessor
04-13-2011 15:54:08.135 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:3473. Success
04-13-2011 15:54:08.135 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.135 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=3473, statusee=                    TcpInputProcessor
04-13-2011 15:54:08.342 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.342 INFO  StatusMgr - destPort=9997, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=61588, statusee=T                    cpInputProcessor
04-13-2011 15:54:08.399 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.553 ERROR TcpInputProc - Error encountered for connection from src=xxx.xxx.xxx.xxx:2575. Success
04-13-2011 15:54:08.553 DEBUG StatusMgr - Updating status for TcpInputProcessor
04-13-2011 15:54:08.553 INFO  StatusMgr - destPort=9992, eventType=connect_close, sourceHost=xxx.xxx.xxx.xxx, sourceIp=xxx.xxx.xxx.xxx, sourcePort=2575, statusee=                    TcpInputProcessor

Thank you, Ildus

jkerai · ‎04-17-2011

Unfortunately this is a bug and we are trying to identify root cause.

Jeremiah · ‎05-04-2011

Any update?

Large number of errors processing data from forwarders over SSL

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms