Getting Data In

forwarding question

roshanjan
New Member

Hello,
I want to configure 1 receiver, done! I want to have roughly 10-20 *nix systems sending data using forwarders.
I have some issues, any help is appreciated.

I have a receiver:

hostname is splunk, and it is listening on port 9997 as a receiver
I have a forwarded, let's call it HR.

root@splunk:/opt/splunk# bin/splunk list forward-server
Your session is invalid. Please login.
Splunk username: admin
Password:
Active forwards:
None
Configured but inactive forwards:
hr:8089

root@hr:/opt/splunk# bin/splunk list forward-server
Your session is invalid. Please login.
Splunk username: admin
Password:
Active forwards:
None
Configured but inactive forwards:
splunk:9997
root@hris:/opt/splunk#

I am getting some data in splunk when I search by host="hr", but this host is not automatically added to my Unix app either.

There are also all these errors:
04-16-2012 17:08:19.001 -0400 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
04-16-2012 17:08:19.001 -0400 ERROR TcpInputFd - SSL Error for fd from HOST:10.10.10.10, IP:10.10.10.10, PORT:39728
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error = error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error for fd from HOST:10.10.10.10, IP:10.10.10.10, PORT:39729
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error = error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error for fd from HOST:10.10.10.10, IP:10.10.10.10, PORT:39730

Tags (1)
0 Karma

tschramm
New Member

Did you ever find an answer to this? I'm getting the same thing for my redhat clients? Windows clients are fine.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...