06-12-2015 07:50:51.586 -0600 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/jms.py" Can't connect to Splunk REST API with the token [Splunk _g^M7vRlKBAc^TI0NEIsIFMh3QP2HA0ttLaCNOdINAYxSzSexvE_wZ5EvXK1pV^feTcnfDniMHiLrnD4cqt3nSVOGffgofB8mqlSLKja4eDpjLNYLUo46X8M2pL], either the token is invalid or SplunkD has exited : Only SSLv3 was enabled while com.ibm.jsse2.disableSSLv3 is set to true
This error message occurs when attempting to enable JMS inputs on only ONE of our two heavy forwarders. Attempting to determine the problem. This happened suddenly after weekend maintenance/updates by system administrators. The app comparison itself does not reveal differences in file configuration/content between the two hosts. Could anyone help point me in the right direction?
Presently, my plan is to upgrade to the latest version of JMS_TA and add the configuration item to jms.py as recommended in the 1.38 release notes.
You will need to upgrade to version 1.3.8 where TLS is now enabled and is the default.