Posting a question after an year, so bear with me.
We're on Splunk 6.2.6 and recently 2 weeks back updated the default Splunk certs using the script provided by Splunk. This was done in 3 environments. Four days back, 2 out of 3 search heads were not able to connect to a few indexers. There is no common indexer b/w those two SHs, they are failing for different Indexers. We're not using any SSL.
If I try to add (after deleting the Distributed Peer entry) OR update the authentication in Settings->Distributed Search- > search Peers, it gets time out (read operation timeout error)
I can see several SSL errors logged on the indexers (to which the SH is not able to connect). Similar to this:
06-18-2016 16:55:30.036 -0500 WARN HttpListener - Socket error from X.X.X.X while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
The SH shows errors like this:
06-18-2016 16:54:30.036 -0500 ERROR HttpClientRequest - HTTP client error: Read Timeout (while accessing http://127.0.0.1:8065/dj/en-us/twitter2/setup/)
Raised a ticket with Splunk support and waiting on solution. Just wanted to check in the community if anyone else has faced this issue and/or have solution to it.
Thanks in advanced.
↧