04-30-2015 09:05:03.570 -0700 ERROR TcpInputProc - Error encountered for connection from src=127.0.0.1:35742. error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
I'm seeing this error on all my indexers. I have both clustered indexers and non-clustered indexers and they all log about SSL errors to themselves (ie 127.0.0.1).
I use SSL for inputs.conf on all indexers and I'm still receiving data from forwarders and search heads. Any idea why this is happening?
It appears the error was due to Search Head Cluster replication not working with DB Connect 2.
I used deployer to deploy the app (base app no config changes), then configured DB Connect 2 on one SH Cluster peer. It did not replicate any settings or configuration. After hitting each SH Cluster member (and captain), the errors stopped.
The problem however is that my identities and connections dont show up in the UI after replication. Weird...
It appears the error was due to Search Head Cluster replication not working with DB Connect 2.
I used deployer to deploy the app (base app no config changes), then configured DB Connect 2 on one SH Cluster peer. It did not replicate any settings or configuration. After hitting each SH Cluster member (and captain), the errors stopped.
The problem however is that my identities and connections dont show up in the UI after replication. Weird...
inputs.conf on indexer:
[splunktcp-ssl:9998]
compressed = true
connection_host = none
[SSL]
password = $1$G9OzOtJKYpts
requireClientCert = false
rootCA = $SPLUNK_HOME/etc/auth/cacert.pem
serverCert = $SPLUNK_HOME/etc/auth/server.pem