TCP Cooked connection ?

lain179 · ‎11-13-2012

Why is this happening?

11-13-2012 16:40:04.778 +0000 WARN  TcpOutputProc - Cooked connection to ip=IPADDRESS timed out
11-13-2012 16:40:12.778 +0000 WARN  TcpOutputProc - Cooked connection to ip=IPADDRESS timed out
11-13-2012 16:40:33.779 +0000 WARN  TcpOutputProc - Cooked connection to ip=IPADDRESS timed out
11-13-2012 16:40:34.778 +0000 WARN  TcpOutputProc - Cooked connection to ip=IPADDRESS timed out
11-13-2012 16:40:34.778 +0000 WARN  TcpOutputProc - Applying quarantine to ip=IPADDRESS  port=PORT#_numberOfFailures=2
11-13-2012 16:40:54.778 +0000 WARN  TcpOutputProc - Cooked connection to ip=IPADDRESS timed out

nathanjenkins · ‎03-12-2019

Cooked connection means that somewhere along the network your SSL connection is being blocked.

Could be the indexer is not configured with the right certificate to accept encrypted connections
a firewall is blocking the connection
also remember always restart splunk after any configuration changes in order for them to take effect

To identify the cause of the problem visit:
http://www.visicoretech.com/splunk/splunk-troubleshooting-forwarder/

richgalloway · ‎03-12-2019

"cooked" refers to data that has already been processed by an indexer or heavy forwarder.

---
If this reply helps you, Karma would be appreciated.

hagjos43 · ‎06-18-2013

We currently have this issue too. I'm running a lot of scenarios and with no luck thus far.

paul_1994 · ‎01-09-2013

Or can someone give an explanation of what it means?

TCP Cooked connection ?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases