- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Splunk weburl not coming up. after configuring uni...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk weburl not coming up. after configuring universal forwarder
I had installed splunk 7.1.1 on Linux machine and started with id/passwd, it was coming up, then I installed splunk universal forwarder on the other Linux machine to get logs from but splunk weburl not coming up, splunk is running, and I stop splunk forwarder, in splunkd.log is see below error
ERROR TcpInputProc - Message rejected. Received unexpected message of size=1195725856 bytes from src=10.46.238.52:54385 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.
please suggest
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are sending SSL encrypted data to non-SSL listening Indexer (or vice-versa), the Indexer will reject with this error. In earlier versions an SSL-listener would accept non-encrypted payloads but this changed in v7.? (check the release notes). So if you upgrade and have this misconfigured, what worked before may be rejected now.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for quick reply, can you please suggest what should I do now?
Do I need to install splunk full version and make as forwarder if yes, please let me know the installation and configuration steps for splunk full version as forwarder.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ahmemohs03
I believe the universal forwarder version of Splunk is light version of Splunk software, these light versions of splunk do not have the Web UI interface enabled.
You can install the full version of Splunk and make it as a universal forwarder, so that it can be used as forwarder & UI is enabled as well.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for quick response,
Splunk universal forwarder is 7.1.1 version, and I installed in it a Linux machine whose logs need to see on another Linux server where full version of splunk is installed. Do you want me to uninstalled UF and installed splunk full version and how to make a full version splunk to universal forwarder?
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
