After my logs stopped flowing in from the Microsoft Log Analytics Add-on, I got the following "SSLError"

fredshino
Explorer

The Add-on was working fine, lots of logs flowing in during the past week, but yesterday around 12pm the logs stopped flowing in.

I see some error messages in the internal logs:

"SSLError: EOF occurred in violation of protocol"

@jkat54, Any ideas why these errors started all of a sudden?

0 Karma

jkat54
SplunkTrust

@fredshino can you come back to this post and provide an update please?

0 Karma

fredshino
Explorer

@jkat54, have you had a chance to look at this?

Thanks in advance!

0 Karma

jkat54
SplunkTrust

It looks like the most common cause of this is out of date / less secure versions of openssl.

Which version of Splunk are you using?

0 Karma

fredshino
Explorer

7.0.3

Any tips on where to start troubleshooting this? Our Splunk deployment is huge and according to our Splunk team, upgrading to a newer version is not feasible at this moment.

0 Karma

jkat54
SplunkTrust

Any chance you have a web proxy or firewall that is malforming the request?

I think that could cause this too.

Troubleshooting this app can be difficult, so hang in there and we’ll get you fixed.

You can Google Azure Log Analytics and find curl examples for testing queries, etc.

I’ve seen people use the Postman app to get an auth token and test queries.

0 Karma
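
Python's ssl module raises "EOF occurred in violation of protocol" when the TCP connection is closed before the TLS handshake completes, so an endpoint that refuses an old protocol version and a proxy or firewall that drops the connection can both surface as this same error. The following is an added example, not part of the thread: the loopback peer and function names are constructed, and it assumes Python 3.7+ rather than Splunk's bundled interpreter.

```python
import socket
import ssl
import threading


def _read_exact(conn, n):
    """Read exactly n bytes, or fewer if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def _drop_after_client_hello(listener):
    """Constructed peer: consume one TLS record (the ClientHello), then hang up."""
    conn, _ = listener.accept()
    with conn:
        header = _read_exact(conn, 5)  # content type (1) + version (2) + length (2)
        if len(header) == 5:
            _read_exact(conn, int.from_bytes(header[3:5], "big"))
    # Leaving the with-block closes the TCP connection without any TLS reply.


def handshake_against_dropping_peer():
    """Return the exception a TLS client raises when the peer closes mid-handshake."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # any free loopback port
    listener.listen(1)
    port = listener.getsockname()[1]
    peer = threading.Thread(target=_drop_after_client_hello, args=(listener,), daemon=True)
    peer.start()
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            ctx.wrap_socket(raw, server_hostname="localhost")  # handshake runs here
        return None
    except ssl.SSLError as exc:
        return exc
    finally:
        peer.join(timeout=5)
        listener.close()


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION, "TLS 1.2 supported:", ssl.HAS_TLSv1_2)
    print(repr(handshake_against_dropping_peer()))
```

The error identifies where the handshake died, not why, so the OpenSSL version of the interpreter making the call and the network path to the endpoint both need checking.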

jkat54
SplunkTrust

Any updates here @fredshino?

0 Karma