I am running Citrix Netscaler Add-on for Splunk and the splunkd.log shows following errors:
t_uri, method, body, headers, redirections, cachekey)
File "D:\Splunk\etc\apps\Splunk_TA_citrix-netscaler\bin\Splunk_TA_citrix_netscaler\ta_util2\httplib2_init.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "D:\Splunk\etc\apps\Splunk_TA_citrix-netscaler\bin\Splunk_TA_citrix_netscaler\ta_util2\httplib2__init_.py", line 1291, in _conn_request
response = conn.getresponse()
File "D:\Splunk\Python-2.7\Lib\httplib.py", line 1121, in getresponse
response.begin()
File "D:\Splunk\Python-2.7\Lib\httplib.py", line 438, in begin
version, status, reason = self._read_status()
File "D:\Splunk\Python-2.7\Lib\httplib.py", line 394, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "D:\Splunk\Python-2.7\Lib\socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
error: [Errno 10053] An established connection was aborted by the software in your host machine
I tried checking if it was related to Windows permissions issue related to execution of scripts, but it is not. Am I missing something?
The documentation about error code 10053 says,
The virtual circuit was terminated due to a time-out or other failure. The application should close the socket as it is no longer usable.
This is a known error on windows with indexers and deployment server.
Splunk asks the server to do name resolution on the clients in order to apply the whitelist/blacklists for the deployment rules, this resolution is not occurring so the socket stays open until a timeout.
Usually this error is occurring when only WINS is used with separate networks.
Can you check in your network settings, you may need a valid DNS resolving the forwarders/deployment clients hosts names ?
A quick workaround is to populate the host file on the server with the pairs IP / hostname in
%SystemRoot%\system32\drivers\etc\hosts