I installed Splunk 7.1.1 on a Linux machine and started it with id/passwd, and it was coming up. Then I installed the Splunk universal forwarder on the other Linux machine to get logs from, but the Splunk web URL is not coming up. Splunk is running, and I stopped the Splunk forwarder. In splunkd.log I see the error below:
ERROR TcpInputProc - Message rejected. Received unexpected message of size=1195725856 bytes from src=10.46.238.52:54385 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.
Please suggest.
If you are sending SSL encrypted data to non-SSL listening Indexer (or vice-versa), the Indexer will reject with this error. In earlier versions an SSL-listener would accept non-encrypted payloads but this changed in v7.? (check the release notes). So if you upgrade and have this misconfigured, what worked before may be rejected now.
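Added example, not part of the original posts: a small Python triage helper for this rejection line. It assumes the reported `size` is the first four bytes the sender transmitted, read as a big-endian integer, and it goes beyond the SSL case described in the answer above by also recognizing plain HTTP. The function names are hypothetical.

```python
import re
import struct

# Sample input: the splunkd.log line quoted in the question (trailing text omitted).
SAMPLE = (
    "ERROR TcpInputProc - Message rejected. Received unexpected message of "
    "size=1195725856 bytes from src=10.46.238.52:54385 in streaming mode. "
    "Maximum message size allowed=67108864."
)

REJECT_RE = re.compile(r"unexpected message of size=(\d+) bytes from src=([\d.]+):(\d+)")
HTTP_PREFIXES = {b"GET ", b"POST", b"PUT ", b"HEAD", b"OPTI", b"DELE", b"PATC", b"CONN"}


def classify_prefix(prefix: bytes) -> str:
    """Guess what kind of client produced these first four bytes."""
    if prefix in HTTP_PREFIXES:
        return "http"      # an HTTP client (for example a browser) hit the port
    if prefix[0] == 0x16 and prefix[1] == 0x03:
        return "tls"       # TLS handshake record sent to a non-SSL listener
    if all(0x20 <= b < 0x7F for b in prefix):
        return "text"      # some other plain-text protocol
    return "unknown"


def analyze(line: str):
    """Return source, decoded prefix and guess for a rejection line, else None."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    size = int(m.group(1))
    if size > 0xFFFFFFFF:  # does not fit in four bytes, nothing to decode
        return None
    prefix = struct.pack(">I", size)  # assumption: size field is big-endian
    return {"src": m.group(2), "prefix": prefix, "kind": classify_prefix(prefix)}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

For the line in the question, the four bytes decode to `GET `, which under the stated assumption means an HTTP request from 10.46.238.52 reached the splunktcp port.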
Thanks for the quick reply. Can you please suggest what I should do now?
Do I need to install the full version of Splunk and make it a forwarder? If yes, please let me know the installation and configuration steps for the full version of Splunk as a forwarder.
Hi @ahmemohs03
I believe the universal forwarder version of Splunk is a light version of the Splunk software; these light versions of Splunk do not have the Web UI interface enabled.
You can install the full version of Splunk and make it a universal forwarder, so that it can be used as a forwarder and the UI is enabled as well.
Thanks
Thanks for the quick response.
The Splunk universal forwarder is version 7.1.1, and I installed it on a Linux machine whose logs I need to see on another Linux server where the full version of Splunk is installed. Do you want me to uninstall the UF and install the full version of Splunk, and how do I make a full version of Splunk into a universal forwarder?