Solved: Indexers SSL Error on 127.0.0.1 (localhost)

BP9906 · ‎04-30-2015

04-30-2015 09:05:03.570 -0700 ERROR TcpInputProc - Error encountered for connection from src=127.0.0.1:35742. error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

I'm seeing this error on all my indexers. I have both clustered indexers and non-clustered indexers and they all log about SSL errors to themselves (ie 127.0.0.1).

I use SSL for inputs.conf on all indexers and I'm still receiving data from forwarders and search heads. Any idea why this is happening?

BP9906 · ‎05-01-2015

It appears the error was due to Search Head Cluster replication not working with DB Connect 2.
I used deployer to deploy the app (base app no config changes), then configured DB Connect 2 on one SH Cluster peer. It did not replicate any settings or configuration. After hitting each SH Cluster member (and captain), the errors stopped.

The problem however is that my identities and connections dont show up in the UI after replication. Weird...

View solution in original post

BP9906 · ‎05-01-2015

It appears the error was due to Search Head Cluster replication not working with DB Connect 2.
I used deployer to deploy the app (base app no config changes), then configured DB Connect 2 on one SH Cluster peer. It did not replicate any settings or configuration. After hitting each SH Cluster member (and captain), the errors stopped.

The problem however is that my identities and connections dont show up in the UI after replication. Weird...

BP9906 · ‎04-30-2015

inputs.conf on indexer:
[splunktcp-ssl:9998] compressed = true connection_host = none

[SSL]
password = $1$G9OzOtJKYpts
requireClientCert = false
rootCA = $SPLUNK_HOME/etc/auth/cacert.pem
serverCert = $SPLUNK_HOME/etc/auth/server.pem

Indexers SSL Error on 127.0.0.1 (localhost)

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases