Skip to content

Instantly share code, notes, and snippets.

@Amndeep7

Amndeep7/gist:539aec96e2c1a02a40a9c863986f41bd Secret

Created January 30, 2024 23:10
Show Gist options
  • Save Amndeep7/539aec96e2c1a02a40a9c863986f41bd to your computer and use it in GitHub Desktop.
Save Amndeep7/539aec96e2c1a02a40a9c863986f41bd to your computer and use it in GitHub Desktop.
Download ZIP
Splunk 9.1.3
Raw
gistfile1.txt
$ docker exec -it -u 0 7c50d4f7eef1 /bin/bash
[root@7c50d4f7eef1 splunk]# cat var/log/
introspection/ splunk/ watchdog/
[root@7c50d4f7eef1 splunk]# cat var/log/splunk/
audit.log health.log python.log splunk_assist_uiassets_modular_input.log splunkd_stderr.log
btool.log license_usage.log remote_searches.log splunk_instrumentation_cloud.log splunkd_stdout.log
cloudgateway_untracked.log license_usage_summary.log scheduler.log splunk_secure_gateway.log splunkd_ui_access.log
conf.log mergebuckets.log search_messages.log splunk_shc_upgrade_completion_script.log web_access.log
configuration_change.log metrics.log searchhistory.log splunkd-utility.log web_service.log
export_metrics.log mongod.log splunk_assist_selfupdate_modular_input.log splunkd.log wlm_monitor.log
first_install.log pdfgen.log splunk_assist_supervisor_modular_input.log splunkd_access.log
[root@7c50d4f7eef1 splunk]# cat var/log/splunk/splunkd.log
01-30-2024 20:52:57.158 +0000 INFO ServerConfig [0 MainThread] - Will generate GUID, as none found on this server.
01-30-2024 20:52:57.159 +0000 INFO ServerConfig [0 MainThread] - My newly generated GUID is B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD
01-30-2024 20:52:57.159 +0000 INFO ServerConfig [0 MainThread] - My server name is "7c50d4f7eef1".
01-30-2024 20:52:57.159 +0000 INFO ServerConfig [0 MainThread] - Found no site defined in server.conf
01-30-2024 20:52:57.159 +0000 INFO ServerConfig [0 MainThread] - My hostname is "7c50d4f7eef1".
01-30-2024 20:52:57.173 +0000 WARN SSLOptions [0 MainThread] - server.conf/[sslConfig]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security
01-30-2024 20:52:57.178 +0000 INFO ServerConfig [0 MainThread] - SSL session cache path enabled 0 session timeout on SSL server 300.000
01-30-2024 20:52:57.179 +0000 INFO ServerConfig [0 MainThread] - Setting HTTP server compression state=on
01-30-2024 20:52:57.179 +0000 INFO ServerConfig [0 MainThread] - Setting HTTP client compression state=1 (true)
01-30-2024 20:52:57.179 +0000 INFO ServerConfig [0 MainThread] - disableSSLShutdown=0
01-30-2024 20:52:57.179 +0000 INFO ServerConfig [0 MainThread] - Setting search process to have long life span: enable_search_process_long_lifespan=1
01-30-2024 20:52:57.180 +0000 INFO ServerConfig [0 MainThread] - certificateStatusValidationMethod is not set, defaulting to none.
01-30-2024 20:52:57.181 +0000 INFO ServerConfig [0 MainThread] - Splunk is starting with EC-SSC disabled
01-30-2024 20:52:57.188 +0000 INFO loader [0 MainThread] - Regex JIT enabled
01-30-2024 20:52:57.188 +0000 INFO loader [0 MainThread] - RE2 library enabled
01-30-2024 20:52:57.188 +0000 INFO loader [0 MainThread] - using CLOCK_MONOTONIC
01-30-2024 20:52:57.201 +0000 INFO BundlesSetup [1093 MainThread] - Setup stats for /opt/splunk/etc: wallclock_elapsed_msec=10, cpu_time_used=0.0105965, shared_services_generation=1, shared_services_population=1
01-30-2024 20:52:57.205 +0000 INFO loader [1093 MainThread] - Splunkd starting (build d95b3299fa65).
01-30-2024 20:52:57.205 +0000 INFO loader [1093 MainThread] - System info: Linux, 7c50d4f7eef1, 6.5.11-linuxkit, #1 SMP PREEMPT_DYNAMIC Wed Dec 6 17:14:50 UTC 2023, x86_64.
01-30-2024 20:52:57.205 +0000 INFO loader [1093 MainThread] - Detected 12 (virtual) CPUs, 12 CPU cores, and 7949MB RAM
01-30-2024 20:52:57.205 +0000 INFO loader [1093 MainThread] - Maximum number of threads (approximate): 3974
01-30-2024 20:52:57.205 +0000 INFO loader [1093 MainThread] - Getting configuration data from: /opt/splunk/etc/myinstall/splunkd.xml
01-30-2024 20:52:57.205 +0000 INFO loader [1093 MainThread] - SPLUNK_MODULE_PATH environment variable not found - defaulting to /opt/splunk/etc/modules
01-30-2024 20:52:57.206 +0000 INFO loader [1093 MainThread] - loading modules from /opt/splunk/etc/modules
01-30-2024 20:52:57.207 +0000 INFO loader [1093 MainThread] - Writing out composite configuration file: /opt/splunk/var/run/splunk/composite.xml
01-30-2024 20:52:57.213 +0000 INFO PipelineComponent [1093 MainThread] - Ingestion pipeline sets have been configured to use pipeline set policy=round_robin for multiple pipeline sets.
01-30-2024 20:52:57.234 +0000 INFO LMStackMgr [1093 MainThread] - Initializing CleMgr...
01-30-2024 20:52:57.234 +0000 INFO LicenseMgr [1093 MainThread] - Initing LicenseMgr
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - serverName=7c50d4f7eef1 guid=B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - connection_timeout=30
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - send_timeout=30
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - receive_timeout=30
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - key=license_warnings_update_interval not found in licenser stanza of server.conf, defaulting=0
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - squash_threshold=2000
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - strict_pool_quota=1
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - key=pool_suggestion not found in licenser stanza of server.conf, defaulting=''
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - key=test_aws_metering not found in licenser stanza of server.conf, defaulting=0
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - key=test_aws_product_code not found in licenser stanza of server.conf, defaulting=0
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - lm_ping_interval=86400
01-30-2024 20:52:57.234 +0000 INFO LMConfig [1093 MainThread] - key=lm_uri not found in licenser stanza of server.conf, defaulting to empty array
01-30-2024 20:52:57.234 +0000 INFO LicenseMgr [1093 MainThread] - Initing LicenseMgr runContext_splunkd=true
01-30-2024 20:52:57.234 +0000 INFO LMStackMgr [1093 MainThread] - closing stack mgr
01-30-2024 20:52:57.234 +0000 INFO LMSlaveInfo [1093 MainThread] - all slaves cleared
01-30-2024 20:52:57.234 +0000 INFO LMStackMgr [1093 MainThread] - Initalized license_warnings_update_interval=auto
01-30-2024 20:52:57.235 +0000 INFO LMStackMgr [1093 MainThread] - License Manager supports Conditional Licensing Enforcement. For baked in CLE policies, window_period=60 days, max_violations=45, for stack size below 107374182400 bytes
01-30-2024 20:52:57.235 +0000 INFO LMLicense [1093 MainThread] - Applying default enforcement policy for free
01-30-2024 20:52:57.235 +0000 INFO LMStackMgr [1093 MainThread] - Added policy WinSz=30 Warnings=3 MaxSize=0 isDefault=1 features= for free
01-30-2024 20:52:57.235 +0000 INFO LMLicense [1093 MainThread] - Applying default enforcement policy for forwarder
01-30-2024 20:52:57.235 +0000 INFO LMStackMgr [1093 MainThread] - Added policy WinSz=30 Warnings=5 MaxSize=0 isDefault=1 features= for forwarder
01-30-2024 20:52:57.236 +0000 INFO LMStack [1093 MainThread] - Added type=download-trial license, from file=enttrial.lic, to stack=download-trial of group=Trial
01-30-2024 20:52:57.236 +0000 INFO LMLicense [1093 MainThread] - Applying default enforcement policy for download-trial
01-30-2024 20:52:57.236 +0000 INFO LMStackMgr [1093 MainThread] - created stack='download-trial'
01-30-2024 20:52:57.236 +0000 INFO LMStackMgr [1093 MainThread] - Added policy WinSz=30 Warnings=5 MaxSize=0 isDefault=1 features= for download-trial
01-30-2024 20:52:57.236 +0000 INFO LMStackMgr [1093 MainThread] - have to auto-set active stack group='Trial' reason='invalid/missing group id' gidStr='' oldGid=Invalid
01-30-2024 20:52:57.241 +0000 INFO LMConfig [1093 MainThread] - created default pool=auto_generated_pool_download-trial for stack=download-trial
01-30-2024 20:52:57.241 +0000 INFO LMStackMgr [1093 MainThread] - added default pool=auto_generated_pool_download-trial for stack=download-trial
01-30-2024 20:52:57.247 +0000 INFO LMConfig [1093 MainThread] - created default pool=auto_generated_pool_forwarder for stack=forwarder
01-30-2024 20:52:57.247 +0000 INFO LMStackMgr [1093 MainThread] - added default pool=auto_generated_pool_forwarder for stack=forwarder
01-30-2024 20:52:57.252 +0000 INFO LMConfig [1093 MainThread] - created default pool=auto_generated_pool_free for stack=free
01-30-2024 20:52:57.252 +0000 INFO LMStackMgr [1093 MainThread] - added default pool=auto_generated_pool_free for stack=free
01-30-2024 20:52:57.252 +0000 INFO ServerRoles [1093 MainThread] - Declared role=license_master.
01-30-2024 20:52:57.252 +0000 INFO ServerRoles [1093 MainThread] - Declared role=license_manager.
01-30-2024 20:52:57.252 +0000 INFO LMStackMgr [1093 MainThread] - Initialized hideQuotaWarning = "0"
01-30-2024 20:52:57.252 +0000 INFO LMStackMgr [1093 MainThread] - init completed [B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD,Trial,runContext_splunkd=true]
01-30-2024 20:52:57.252 +0000 INFO LicenseMgr [1093 MainThread] - StackMgr init complete...
01-30-2024 20:52:57.252 +0000 INFO LMTracker [1093 MainThread] - Setting default product type='enterprise'
01-30-2024 20:52:57.252 +0000 INFO LMTracker [1093 MainThread] - init'ing slaveId=B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD label=7c50d4f7eef1 [30,30,self]
01-30-2024 20:52:57.252 +0000 INFO LMTracker [1093 MainThread] - enabling implicit feature set
01-30-2024 20:52:57.252 +0000 INFO LMTracker [1093 MainThread] - attempting to ping master=self from slave=B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD
01-30-2024 20:52:57.252 +0000 INFO LMSlaveInfo [1093 MainThread] - new slave='B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD' created
01-30-2024 20:52:57.252 +0000 INFO LMSlaveInfo [1093 MainThread] - Detected that masterTimeFromSlave(ZERO_TIME) < lastRolloverTime(Tue Jan 30 00:00:00 2024), meaning that the master has already rolled over. Ignore slave persisted usage.
01-30-2024 20:52:57.253 +0000 INFO LMTracker [1093 MainThread] - setting masterGuid='B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD'
01-30-2024 20:52:57.253 +0000 INFO LMTracker [1093 MainThread] - changing backwardCompatIsTrial=true
01-30-2024 20:52:57.253 +0000 INFO LMTracker [1093 MainThread] - attempting to contact master=self from slave=B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD success
01-30-2024 20:52:57.253 +0000 INFO LicenseMgr [1093 MainThread] - Tracker init complete...
01-30-2024 20:52:57.255 +0000 INFO loader [1093 MainThread] - Setting SSL configuration.
01-30-2024 20:52:57.257 +0000 INFO loader [1093 MainThread] - Server supporting SSL versions TLS1.2
01-30-2024 20:52:57.257 +0000 INFO loader [1093 MainThread] - Using cipher suite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256
01-30-2024 20:52:57.258 +0000 INFO loader [1093 MainThread] - Using ECDH curves : prime256v1, secp384r1, secp521r1
01-30-2024 20:52:57.430 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.430 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.431 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.431 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.431 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.431 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="MonitorNoHandle://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="disabled, index"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="WinEventLog://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="start_from, use_old_eventlog_api, use_threads, thread_wait_time_msec, suppress_checkpoint, suppress_sourcename, suppress_keywords, suppress_type, suppress_task, suppress_opcode, current_only, batch_size, checkpointInterval, checkpointSync, channel_wait_time, disabled, evt_resolve_ad_obj, evt_skip_GUID_resolution, evt_dc_name, evt_dns_name, evt_resolve_ad_ds, evt_ad_cache_disabled, evt_ad_cache_exp, evt_ad_cache_exp_neg, evt_ad_cache_max_entries, evt_exclude_fields, evt_sid_cache_disabled, evt_sid_cache_exp, evt_sid_cache_exp_neg, evt_sid_cache_max_entries, wec_event_format, index, whitelist, blacklist, whitelist1, whitelist2, whitelist3, whitelist4, whitelist5, whitelist6, whitelist7, whitelist8, whitelist9, blacklist1, blacklist2, blacklist3, blacklist4, blacklist5, blacklist6, blacklist7, blacklist8, blacklist9, key, suppress_text, renderXml"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="WinHostMon://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="type, interval, disabled, index"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="WinNetMon://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="remoteAddress, process, user, addressFamily, packetType, direction, protocol, readInterval, driverBufferSize, userBufferSize, mode, multikvMaxEventCount, multikvMaxTimeMs, sid_cache_disabled, sid_cache_exp, sid_cache_exp_neg, sid_cache_max_entries, disabled, index"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="WinPrintMon://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="type, interval, baseline, disabled, index"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="WinRegMon://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="proc, hive, type, baseline, baseline_interval, disabled, index"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="admon://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="targetDc, startingNode, monitorSubtree, disabled, index, printSchema, baseline"
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="instance_id_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_assist/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="journald://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="journalctl-include-fields, journalctl-exclude-fields, journalctl-filter, journalctl-unit, journalctl-identifier, journalctl-priority, journalctl-boot, journalctl-facility, journalctl-grep, journalctl-user-unit, journalctl-dmesg, journalctl-quiet, journalctl-freetext"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="logd://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="logd-backtrace, logd-debug, logd-info, logd-loss, logd-signpost, logd-predicate, logd-process, logd-source, logd-include-fields, logd-exclude-fields, logd-interval, logd-starttime, logd-freetext"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="perfmon://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="object, counters, nonmetric_counters, instances, interval, mode, samplingInterval, stats, disabled, showZeroValue, useEnglishOnly, useWinApiProcStats, formatString, usePDHFmtNoCap100"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="powershell2://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="script, schedule"
01-30-2024 20:52:57.434 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.434 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="powershell://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="script, schedule"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="secure_gateway_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="selfupdate_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_assist/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO BundlesUtil [1093 MainThread] - Using manager-apps over master-apps, using: /opt/splunk/etc/manager-apps
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="splunktcptoken://" from spec file="/opt/splunk/etc/system/README/inputs.conf.spec" with parameters="token"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_alerts_ttl_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="ttl_days"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_config_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_deep_link_dashboard_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_delete_tokens_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_device_role_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_enable_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_metrics_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_registered_devices_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_registered_users_list_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_report_heuristics_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_subscription_clean_up_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="cleanup_threshold_seconds"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="ssg_subscription_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_secure_gateway/README/inputs.conf.spec" with parameters="minimum_iteration_time_seconds, maximum_iteration_time_warn_threshold_seconds"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="supervisor_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_assist/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:57.435 +0000 INFO SpecFiles [1093 MainThread] - Found external scheme definition for stanza="uiassets_modular_input://" from spec file="/opt/splunk/etc/apps/splunk_assist/README/inputs.conf.spec" with parameters="param1"
01-30-2024 20:52:58.247 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "instance_id_modular_input".
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-boot":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-dmesg":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-exclude-fields":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-facility":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-filter":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-freetext":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-grep":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-identifier":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-include-fields":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-priority":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-quiet":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-unit":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "journalctl-user-unit":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "name":
01-30-2024 20:52:58.350 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "journald".
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-backtrace":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-debug":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-exclude-fields":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-freetext":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-include-fields":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-info":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-interval":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-loss":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-predicate":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-process":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-signpost":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-source":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "logd-starttime":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "name":
01-30-2024 20:52:58.454 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "logd".
01-30-2024 20:52:59.860 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:52:59.860 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "secure_gateway_modular_input".
01-30-2024 20:53:00.266 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "selfupdate_modular_input".
01-30-2024 20:53:00.669 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "ttl_days":
01-30-2024 20:53:00.669 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_alerts_ttl_modular_input".
01-30-2024 20:53:01.176 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_config_modular_input".
01-30-2024 20:53:01.990 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_deep_link_dashboard_modular_input".
01-30-2024 20:53:02.394 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:02.394 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_delete_tokens_modular_input".
01-30-2024 20:53:03.100 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:03.100 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_device_role_modular_input".
01-30-2024 20:53:03.805 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:03.806 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_enable_modular_input".
01-30-2024 20:53:04.510 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:04.510 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_metrics_modular_input".
01-30-2024 20:53:04.914 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:04.914 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_registered_devices_modular_input".
01-30-2024 20:53:05.318 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:05.318 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_registered_users_list_modular_input".
01-30-2024 20:53:06.023 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "param1":
01-30-2024 20:53:06.023 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_report_heuristics_modular_input".
01-30-2024 20:53:06.427 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "cleanup_threshold_seconds":
01-30-2024 20:53:06.427 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_subscription_clean_up_modular_input".
01-30-2024 20:53:07.232 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "maximum_iteration_time_warn_threshold_seconds":
01-30-2024 20:53:07.232 +0000 INFO ModularInputs [1093 MainThread] - Endpoint argument settings for "minimum_iteration_time_seconds":
01-30-2024 20:53:07.232 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "ssg_subscription_modular_input".
01-30-2024 20:53:07.537 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "supervisor_modular_input".
01-30-2024 20:53:07.841 +0000 INFO ModularInputs [1093 MainThread] - Introspection setup completed for scheme "uiassets_modular_input".
01-30-2024 20:53:07.867 +0000 INFO DisasterRecoveryManager [1093 MainThread] - Initialized DisasterRecoveryManager, replication_enabled=0, replication_max_wait_time_secs=0, replication_min_check_time_secs=10, replication_max_check_time_secs=60
01-30-2024 20:53:07.867 +0000 INFO CacheManager [1093 MainThread] - cachemanager is using cache eviction algorithm=lru
01-30-2024 20:53:07.868 +0000 INFO CacheManager [1316 SavePendingUploadsToDiskThread] - Starting SavePendingUploadsToDiskThread
01-30-2024 20:53:07.868 +0000 INFO DS_DC_Common [1093 MainThread] - Initializing the PubSub system.
01-30-2024 20:53:07.868 +0000 INFO DS_DC_Common [1093 MainThread] - Initializing core facilities of PubSub system.
01-30-2024 20:53:07.879 +0000 INFO DC:DeploymentClient [1093 MainThread] - target-broker clause is missing.
01-30-2024 20:53:07.879 +0000 WARN DC:DeploymentClient [1093 MainThread] - DeploymentClient explicitly disabled through config.
01-30-2024 20:53:07.879 +0000 INFO DS_DC_Common [1093 MainThread] - Deployment Client not initialized.
01-30-2024 20:53:07.879 +0000 INFO DS_DC_Common [1093 MainThread] - Loading and initializing Deployment Server...
01-30-2024 20:53:07.879 +0000 INFO DeploymentServer [1093 MainThread] - Attempting to reload entire DS; reason='init'
01-30-2024 20:53:07.879 +0000 INFO DSManager [1093 MainThread] - No serverclasses configured.
01-30-2024 20:53:07.884 +0000 INFO DSManager [1093 MainThread] - Loaded count=0 configured SCs
01-30-2024 20:53:07.884 +0000 INFO ClientSessionsManager [1093 MainThread] - Initializing ClientSessionsManager
01-30-2024 20:53:07.884 +0000 INFO PubSubSvr [1093 MainThread] - Subscribed: channel=deploymentServer/phoneHome/default connectionId=connection_127.0.0.1_8089_7c50d4f7eef1_direct_ds_default listener=0x7f94c8d82a00
01-30-2024 20:53:07.884 +0000 INFO PubSubSvr [1093 MainThread] - Subscribed: channel=deploymentServer/phoneHome/default connectionId=connection_127.0.0.1_8089_7c50d4f7eef1_direct_ds_default listener=0x7f94c8d82a00
01-30-2024 20:53:07.884 +0000 INFO PubSubSvr [1093 MainThread] - Subscribed: channel=deploymentServer/phoneHome/default/metrics connectionId=connection_127.0.0.1_8089_7c50d4f7eef1_direct_ds_default listener=0x7f94c8d82a00
01-30-2024 20:53:07.884 +0000 INFO DeploymentServer [1093 MainThread] - Creating connection to PubSub system.
01-30-2024 20:53:07.884 +0000 INFO PubSubSvr [1093 MainThread] - Subscribed: channel=tenantService/handshake connectionId=connection_127.0.0.1_8089_7c50d4f7eef1_direct_tenantService listener=0x7f94c91ad000
01-30-2024 20:53:07.884 +0000 INFO DS_DC_Common [1093 MainThread] - Registered REST endpoint for 'broker'.
01-30-2024 20:53:07.884 +0000 INFO DS_DC_Common [1093 MainThread] - Deployment Server|Client initialized successfully.
01-30-2024 20:53:07.884 +0000 INFO ClusteringMgr [1093 MainThread] - initing clustering with: ht=60.000 rf=3 sf=2 cm_ct=18446744073709551.615 ct=60.000 st=60.000 rt=60.000 rct=5.000 rst=5.000 rrt=10.000 rmst=600.000 rmrt=600.000 icps=25 sfrt=600.000 pe=1 im=0 ip=0 mob=5 mor=5 mosr=5 pb=5 rep_port= pptr=10 pptrl=100 fznb=10 Empty/Default cluster pass4symmkey=false allow Empty/Default cluster pass4symmkey=false rrt=restart dft=180 abt=600 sbs=1
01-30-2024 20:53:07.884 +0000 INFO ClusteringMgr [1093 MainThread] - clustering disabled
01-30-2024 20:53:07.884 +0000 WARN HTTPAuthManager [1093 MainThread] - pass4SymmKey length is too short. See pass4SymmKey_minLength under the general stanza in server.conf.
01-30-2024 20:53:07.884 +0000 WARN SHCConfig [1093 MainThread] - Default pass4symkey is being used. Please change to a random one.
01-30-2024 20:53:07.885 +0000 INFO SHClusterMgr [1093 MainThread] - initing shpooling with: ht=60.000 rf=3 ct=60.000 st=60.000 rt=60.000 rct=5.000 rst=5.000 rrt=10.000 rmst=600.000 rmrt=600.000 pe=1 im=0 is=0 mor=5 pb=5 rep_port= pptr=10
01-30-2024 20:53:07.885 +0000 WARN SSLOptions [1093 MainThread] - server.conf/[kvstore]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security
01-30-2024 20:53:07.885 +0000 INFO SHClusterMgr [1093 MainThread] - shpooling disabled
01-30-2024 20:53:07.886 +0000 INFO WorkloadManager [1093 MainThread] - Workload management cannot be enabled on this system because the feature is not supported. Check the status of workload management preflight checks for additional information.
01-30-2024 20:53:07.892 +0000 INFO loader [1093 MainThread] - remote ui state feature is disabled
01-30-2024 20:53:07.892 +0000 INFO CollectionCacheManager [1318 CollectionCacheBookkeepingThread] - CollectionCacheBookkeepingThread starting eloop
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: virtual address space size: unlimited
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: data segment size: unlimited
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: resident memory size: unlimited
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: stack size: 8388608 bytes [hard maximum: unlimited]
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: core file size: 0 bytes [hard maximum: unlimited]
01-30-2024 20:53:07.893 +0000 WARN ulimit [1093 MainThread] - Core file generation disabled.
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: data file size: unlimited
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: open files: 1048576 files
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: user processes: unlimited
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Limit: cpu time: unlimited
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Linux transparent hugepage support, enabled="always" defrag="madvise"
01-30-2024 20:53:07.893 +0000 WARN ulimit [1093 MainThread] - This configuration of transparent hugepages is known to cause serious runtime problems with Splunk. Typical symptoms include generally reduced performance and catastrophic breakdown in system responsiveness under high memory pressure. Please fix by setting the values for transparent huge pages to "madvise" or preferably "never" via sysctl, kernel boot parameters, or other method recommended by your Linux distribution.
01-30-2024 20:53:07.893 +0000 INFO ulimit [1093 MainThread] - Linux vm.overcommit setting, value="0"
01-30-2024 20:53:07.893 +0000 WARN KVStoreConfigurationProvider [1093 MainThread] - Action scheduled, but event loop is not ready yet
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Starting mongod with executable name=mongod version=kvstore version 4.2
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Setting env var LC_ALL=C
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Created new kvstore directory: /opt/splunk/var/lib/splunk/kvstore/mongo
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --dbpath /opt/splunk/var/lib/splunk/kvstore/mongo
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --storageEngine wiredTiger
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using cacheSize=1.05GB
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --port 8191
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --timeStampFormat iso8601-utc
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --oplogSize 200
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --keyFile /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --setParameter enableLocalhostAuthBypass=0
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --setParameter oplogFetcherSteadyStateMaxFetcherRestarts=0
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --replSet B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --bind_ip=0.0.0.0 (all ipv4 addresses)
01-30-2024 20:53:07.894 +0000 INFO CertificateData [1321 KVStoreConfigurationThread] - channel=KVStore, subject="O=SplunkUser,CN=SplunkServerDefaultCert", subjectAltName="", serial=B54C2CF7DD1CD70D, notValidBefore=1706647975, notValidAfter=1801255975, issuer="/C=US/ST=CA/L=San Francisco/O=Splunk/CN=SplunkCommonCA/emailAddress=support@splunk.com", sha256-fingerprint=EB:84:9E:77:68:EE:62:1B:BD:B6:C5:27:1C:87:E3:22:96:4C:93:82:2F:AA:B0:B9:75:65:E8:EE:A5:8C:8A:11
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --sslMode requireSSL
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --sslAllowInvalidHostnames
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --sslPEMKeyFile /opt/splunk/etc/auth/server.pem
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --sslPEMKeyPasswod *****
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --tlsDisabledProtocols noTLS1_0,noTLS1_1
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --sslCipherConfig ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256
01-30-2024 20:53:07.894 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --nounixsocket
01-30-2024 20:53:07.895 +0000 INFO MongodRunner [1321 KVStoreConfigurationThread] - Using mongod command line --noscripting
01-30-2024 20:53:07.902 +0000 WARN DistributedBundleReplicationManager [1093 MainThread] - replicationBlacklist in distsearch.conf is deprecated, use replicationDenylist instead.
01-30-2024 20:53:07.902 +0000 WARN KVStoreConfigurationProvider [1093 MainThread] - Action scheduled, but event loop is not ready yet
01-30-2024 20:53:07.902 +0000 INFO CertStorageProvider [1093 MainThread] - Updating status from unknown to starting
01-30-2024 20:53:07.902 +0000 INFO CertStorageProvider [1093 MainThread] - Updating status from unknown to starting
01-30-2024 20:53:07.902 +0000 INFO Rsa2FA [1093 MainThread] - Could not find [externalTwoFactorAuthSettings] in authentication stanza.
01-30-2024 20:53:07.902 +0000 INFO KVStoreBackupRestore [1324 KVStoreBackupThread] - thread started.
01-30-2024 20:53:07.972 +0000 INFO IndexerInit [1328 SplunkdSpecificInitThread] - running splunkd specific init
01-30-2024 20:53:07.977 +0000 WARN SearchLogCopier [1331 DispatchReaper] - Config setting enabled is invalid. Feature is disabled.
01-30-2024 20:53:07.987 +0000 WARN IndexerService [1328 SplunkdSpecificInitThread] - Can't set numThreadsForIndexInitExecutor to 16; capped at 12 instead as it cannot exceed the number of cpu cores
01-30-2024 20:53:07.987 +0000 INFO IndexerService [1328 SplunkdSpecificInitThread] - Number of threads in IndexInitExecutor is set to 12
01-30-2024 20:53:07.992 +0000 INFO IndexerService [1335 RecreateIndexesThread] - starting RecreateIndexesThread
01-30-2024 20:53:07.992 +0000 INFO IndexerService [1328 SplunkdSpecificInitThread] - indexes.conf - indexThreads param set to=8
01-30-2024 20:53:07.994 +0000 INFO IndexerService [1328 SplunkdSpecificInitThread] - indexes.conf - memPoolMB param autotuned to=256MB
01-30-2024 20:53:07.994 +0000 INFO MPool [1328 SplunkdSpecificInitThread] - MPool initialized: bytes=268435456
01-30-2024 20:53:07.997 +0000 INFO DatabaseDirectoryManager [1348 IndexInitExecutorWorker-4] - Start-up refreshing bucket manifest index=_audit
01-30-2024 20:53:07.998 +0000 INFO DatabaseDirectoryManager [1348 IndexInitExecutorWorker-4] - idx=_audit writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/audit/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.998 +0000 INFO DatabaseDirectoryManager [1348 IndexInitExecutorWorker-4] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/audit/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1345 IndexInitExecutorWorker-1] - Start-up refreshing bucket manifest index=_configtracker
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1345 IndexInitExecutorWorker-1] - idx=_configtracker writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_configtracker/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1346 IndexInitExecutorWorker-2] - Start-up refreshing bucket manifest index=_internal
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1347 IndexInitExecutorWorker-3] - Start-up refreshing bucket manifest index=_telemetry
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1352 IndexInitExecutorWorker-8] - Start-up refreshing bucket manifest index=_introspection
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1346 IndexInitExecutorWorker-2] - idx=_internal writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_internaldb/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1347 IndexInitExecutorWorker-3] - idx=_telemetry writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_telemetry/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1345 IndexInitExecutorWorker-1] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_configtracker/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1353 IndexInitExecutorWorker-9] - Start-up refreshing bucket manifest index=main
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1345 IndexInitExecutorWorker-1] - Start-up refreshing bucket manifest index=summary
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1349 IndexInitExecutorWorker-5] - Start-up refreshing bucket manifest index=_metrics_rollup
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1347 IndexInitExecutorWorker-3] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_telemetry/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1345 IndexInitExecutorWorker-1] - idx=summary writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/summarydb/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1353 IndexInitExecutorWorker-9] - idx=main writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/defaultdb/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1346 IndexInitExecutorWorker-2] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_internaldb/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1344 IndexInitExecutorWorker-0] - Start-up refreshing bucket manifest index=history
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1349 IndexInitExecutorWorker-5] - idx=_metrics_rollup writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics_rollup/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1344 IndexInitExecutorWorker-0] - idx=history writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/historydb/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1353 IndexInitExecutorWorker-9] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/defaultdb/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1349 IndexInitExecutorWorker-5] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics_rollup/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1344 IndexInitExecutorWorker-0] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/historydb/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1345 IndexInitExecutorWorker-1] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/summarydb/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1348 IndexInitExecutorWorker-4] - Start-up refreshing bucket manifest index=_metrics
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1348 IndexInitExecutorWorker-4] - idx=_metrics writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1350 IndexInitExecutorWorker-6] - Start-up refreshing bucket manifest index=_thefishbucket
01-30-2024 20:53:08.000 +0000 INFO DatabaseDirectoryManager [1350 IndexInitExecutorWorker-6] - idx=_thefishbucket writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/fishbucket/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:08.000 +0000 INFO DatabaseDirectoryManager [1348 IndexInitExecutorWorker-4] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics/db duration=0.000
01-30-2024 20:53:08.000 +0000 INFO DatabaseDirectoryManager [1350 IndexInitExecutorWorker-6] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/fishbucket/db duration=0.000
01-30-2024 20:53:07.999 +0000 INFO DatabaseDirectoryManager [1352 IndexInitExecutorWorker-8] - idx=_introspection writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_introspection/db' pendingBucketUpdates=0 innerLockTime=0.000. Reason='Refreshing manifest at start-up.'
01-30-2024 20:53:08.000 +0000 INFO DatabaseDirectoryManager [1352 IndexInitExecutorWorker-8] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_introspection/db duration=0.001
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1343 IndexerTPoolWorker-7] - idx=_audit minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1337 IndexerTPoolWorker-1] - idx=_introspection minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1341 IndexerTPoolWorker-5] - idx=_metrics_rollup minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1342 IndexerTPoolWorker-6] - idx=_telemetry minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1338 IndexerTPoolWorker-2] - idx=_thefishbucket minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1342 IndexerTPoolWorker-6] - idx=_telemetry Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=268435456 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1340 IndexerTPoolWorker-4] - idx=_metrics minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1343 IndexerTPoolWorker-7] - idx=_audit Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1340 IndexerTPoolWorker-4] - idx=_metrics Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1337 IndexerTPoolWorker-1] - idx=_introspection Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=1073741824 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1338 IndexerTPoolWorker-2] - idx=_thefishbucket Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=524288000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1336 IndexerTPoolWorker-0] - idx=_configtracker minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1337 IndexerTPoolWorker-1] - closing hot mgr for idx=_introspection
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1338 IndexerTPoolWorker-2] - closing hot mgr for idx=_thefishbucket
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1342 IndexerTPoolWorker-6] - closing hot mgr for idx=_telemetry
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1341 IndexerTPoolWorker-5] - idx=_metrics_rollup Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1339 IndexerTPoolWorker-3] - idx=_internal minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1340 IndexerTPoolWorker-4] - closing hot mgr for idx=_metrics
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1339 IndexerTPoolWorker-3] - idx=_internal Setting hot mgr params: maxHotSpanSecs=432000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1342 IndexerTPoolWorker-6] - idx=main minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1339 IndexerTPoolWorker-3] - closing hot mgr for idx=_internal
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1342 IndexerTPoolWorker-6] - idx=main Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=10 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=10737418240 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1337 IndexerTPoolWorker-1] - idx=history minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1338 IndexerTPoolWorker-2] - idx=summary minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1342 IndexerTPoolWorker-6] - closing hot mgr for idx=main
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1343 IndexerTPoolWorker-7] - closing hot mgr for idx=_audit
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1338 IndexerTPoolWorker-2] - idx=summary Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.002 +0000 INFO HotDBManager [1336 IndexerTPoolWorker-0] - idx=_configtracker Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1338 IndexerTPoolWorker-2] - closing hot mgr for idx=summary
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1337 IndexerTPoolWorker-1] - idx=history Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=10485760 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1341 IndexerTPoolWorker-5] - closing hot mgr for idx=_metrics_rollup
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1337 IndexerTPoolWorker-1] - closing hot mgr for idx=history
01-30-2024 20:53:08.003 +0000 INFO HotDBManager [1336 IndexerTPoolWorker-0] - closing hot mgr for idx=_configtracker
01-30-2024 20:53:08.003 +0000 INFO IndexerService [1328 SplunkdSpecificInitThread] - Initializing indexes took usec=1836 reloading=false indexes_initialized=11 failed_to_init_indexes=0
01-30-2024 20:53:08.003 +0000 INFO IndexerService [1328 SplunkdSpecificInitThread] - event=pruneStaleObjectsFromUploadJson with pendingUploadSize=0
01-30-2024 20:53:08.003 +0000 INFO IndexerService [1328 SplunkdSpecificInitThread] - adjusting tb licenses
01-30-2024 20:53:08.005 +0000 INFO NoahHeartbeat [1328 SplunkdSpecificInitThread] - Finished initiating noah operations processor. thread_pool_name=noah_operations workers_count=4 is_test_mode= 0
01-30-2024 20:53:08.005 +0000 INFO IntrospectionGenerator:disk_objects [1328 SplunkdSpecificInitThread] - Enabled: disk_objects=true indexes=true volumes=true dispatch=true fishbucket=true partitions=true summaries=true distributedIndexes=false
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/_configtracker/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/_internaldb/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/_introspection/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/_metrics/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/_metrics_rollup/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/_telemetry/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/audit/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/defaultdb/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/fishbucket/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/historydb/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO DiskMon [1328 SplunkdSpecificInitThread] - Looking up file system information about a directory that is not yet on the file system: /opt/splunk/var/lib/splunk/summarydb/summary (this is normal when splunk is first starting up)
01-30-2024 20:53:08.005 +0000 INFO IntrospectionGenerator:disk_objects [1328 SplunkdSpecificInitThread] - I-data gathering (Disk Objects) starting; period=600.000s
01-30-2024 20:53:08.005 +0000 INFO IntrospectionGenerator:disk_objects [1328 SplunkdSpecificInitThread] - Summaries gathering starting; period=1800.000, highfreqency=false
01-30-2024 20:53:08.005 +0000 INFO loader [1093 MainThread] - Initializing from configuration
01-30-2024 20:53:08.007 +0000 INFO TcpOutputProc [1359 indexerPipe] - found Whitelist forwardedindex.0.whitelist , RE : .*
01-30-2024 20:53:08.007 +0000 INFO TcpOutputProc [1359 indexerPipe] - found Blacklist forwardedindex.1.blacklist , RE : _.*
01-30-2024 20:53:08.007 +0000 INFO TcpOutputProc [1359 indexerPipe] - found Whitelist forwardedindex.2.whitelist , RE : (_audit|_internal|_introspection|_telemetry|_metrics|_metrics_rollup|_configtracker)
01-30-2024 20:53:08.013 +0000 INFO IndexProcessor [1359 indexerPipe] - Initializing: readonly=false reloading=false
01-30-2024 20:53:08.013 +0000 INFO IndexProcessor [1359 indexerPipe] - not starting rt router thread
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_audit minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_audit Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_audit
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_configtracker minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_configtracker Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_configtracker
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_internal minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_internal Setting hot mgr params: maxHotSpanSecs=432000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_internal
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_introspection minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_introspection Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=1073741824 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1341 IndexerTPoolWorker-5] - idx=_audit, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=188697600.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1336 IndexerTPoolWorker-0] - idx=_internal, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=2592000.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=1048576000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=432000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1336 IndexerTPoolWorker-0] - openDatabases complete currentId=-1 idx=_internal
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_introspection
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1341 IndexerTPoolWorker-5] - openDatabases complete currentId=-1 idx=_audit
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1340 IndexerTPoolWorker-4] - idx=_configtracker, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=2592000.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1340 IndexerTPoolWorker-4] - openDatabases complete currentId=-1 idx=_configtracker
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_metrics minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_metrics Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=6 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_metrics
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1343 IndexerTPoolWorker-7] - idx=_introspection, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=1209600.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=1073741824,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1343 IndexerTPoolWorker-7] - openDatabases complete currentId=-1 idx=_introspection
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1343 IndexerTPoolWorker-7] - idx=_metrics, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=1209600.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=metric_name,dataType=metric,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.014 +0000 INFO IndexWriter [1343 IndexerTPoolWorker-7] - openDatabases complete currentId=-1 idx=_metrics
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_metrics_rollup minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_metrics_rollup Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=6 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.014 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_metrics_rollup
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_telemetry minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_telemetry Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=268435456 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_telemetry
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_thefishbucket minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=_thefishbucket Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=524288000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1340 IndexerTPoolWorker-4] - idx=_metrics_rollup, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=63072000.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=metric_name,dataType=metric,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=_thefishbucket
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1340 IndexerTPoolWorker-4] - openDatabases complete currentId=-1 idx=_metrics_rollup
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1342 IndexerTPoolWorker-6] - idx=_telemetry, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=63072000.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=268435456,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1342 IndexerTPoolWorker-6] - openDatabases complete currentId=-1 idx=_telemetry
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=history minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=history Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=10485760 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=history
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=main minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1341 IndexerTPoolWorker-5] - idx=_thefishbucket, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=2419200.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=524288000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=main Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=10 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=10737418240 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1341 IndexerTPoolWorker-5] - openDatabases complete currentId=-1 idx=_thefishbucket
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=main
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1343 IndexerTPoolWorker-7] - idx=history, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=604800.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=10485760,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1343 IndexerTPoolWorker-7] - openDatabases complete currentId=-1 idx=history
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=summary minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - idx=summary Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=auto maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
01-30-2024 20:53:08.015 +0000 INFO HotDBManager [1359 indexerPipe] - closing hot mgr for idx=summary
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1340 IndexerTPoolWorker-4] - idx=main, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=188697600.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=10737418240,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=20,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=86400.000,maxHotBuckets=10,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1340 IndexerTPoolWorker-4] - openDatabases complete currentId=-1 idx=main
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1336 IndexerTPoolWorker-0] - idx=summary, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=188697600.000,coldToFrozenScript=,coldToFrozenPythonVersion=unspecified,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalRawDataSizeMB=0,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,maxMetricHotBuckets=6,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=zstd,lz4BlockSize=65536,compressionLevel=7,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,metricSplitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60,tsidxWritingLevel=3,metric.enableFloatingPointCompression=true,metric.compressionBlockSize=1024,metric.stubOutRawdataJournal=true,metric.timestampResolution=s,archiver.selfStorageProvider,archiver.selfStorageBucket,archiver.selfStorageBucketFolder,archiver.enableDataArchive=false,archiver.maxDataArchiveRetentionPeriod=0.000,archiver.coldStorageProvider=,hotBucketStreaming.removeRemoteSlicesOnRoll=0,hotBucketStreaming.removeRemoteSlicesOnFreeze=0,hotBucketStreaming.reportStatus=0,hotBucketStreaming.deleteHotsAfterRestart=0,hotBucketStreaming.sendSlices=0,tsidxdDedupPostingsListMaxTermsLimit=8388608,tsidxTargetSizeMB=1500,metric.tsidxTargetSizeMB=1500,waitPeriodInSecsForManifestWrite=60.000,hotlistRecency=18446744073709551.615,hotlistBloomRecency=18446744073709551.615,deleteId=0,rollCachedBucketsToColdEnabled=0]' isPeer=false
01-30-2024 20:53:08.015 +0000 INFO IndexWriter [1336 IndexerTPoolWorker-0] - openDatabases complete currentId=-1 idx=summary
01-30-2024 20:53:08.015 +0000 INFO IndexProcessor [1359 indexerPipe] - Initializing indexes took usec=1874 reloading=false indexes_initialized=11
01-30-2024 20:53:08.017 +0000 INFO RemoteQueueInputProcessor [1368 remotequeueinput] - Initializing RemoteQueueInputProcessor
01-30-2024 20:53:08.017 +0000 INFO RemoteQueueInputProcessor [1368 remotequeueinput] - RemoteQueueInputProcessor has not been enabled.
01-30-2024 20:53:08.017 +0000 INFO TcpInputProc [1370 tcp] - Registering metrics callback for: tcpin_connections
01-30-2024 20:53:08.018 +0000 WARN SSLOptions [1372 TcpListener] - inputs.conf/[SSL]/certLogRepeatFrequency: invalid value from system
01-30-2024 20:53:08.018 +0000 INFO TcpInputConfig [1372 TcpListener] - IPv4 port 9997 is reserved for splunk 2 splunk
01-30-2024 20:53:08.018 +0000 INFO TcpInputConfig [1372 TcpListener] - IPv4 port 9997 will negotiate s2s protocol level 6
01-30-2024 20:53:08.018 +0000 INFO TcpInputProc [1372 TcpListener] - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
01-30-2024 20:53:10.043 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/splunkd instrument-resource-usage
01-30-2024 20:53:10.043 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 0 ms
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 */4 * * *" is a valid cron schedule
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/eura_email_notification_switch_scripted_input.py
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 */4 * * *"
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 7,19 */1 * *" is a valid cron schedule
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/eura_remote_latest_report.py
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 7,19 */1 * *"
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 */4 * * *" is a valid cron schedule
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/eura_remote_scan_scripted_input.py
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 */4 * * *"
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 1 */1 * *" is a valid cron schedule
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/eura_scan_apps.py
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 1 */1 * *"
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 6 * * 1" is a valid cron schedule
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/eura_send_email.py
01-30-2024 20:53:10.044 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 6 * * 1"
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 7,19 */1 * *" is a valid cron schedule
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/jura_remote_latest_report.py
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 7,19 */1 * *"
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 */4 * * *" is a valid cron schedule
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/jura_remote_scan_scripted_input.py
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 */4 * * *"
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 4 */1 * *" is a valid cron schedule
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/jura_scan_apps.py
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 4 */1 * *"
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 6 * * 1" is a valid cron schedule
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/jura_send_email.py
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 6 * * 1"
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 */4 * * *" is a valid cron schedule
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/pura_email_notification_switch_scripted_input.py
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 */4 * * *"
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 6 * * *" is a valid cron schedule
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/pura_get_all_apps.py
01-30-2024 20:53:10.045 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 6 * * *"
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 4,16 */1 * *" is a valid cron schedule
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/pura_remote_latest_report.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 4,16 */1 * *"
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 */4 * * *" is a valid cron schedule
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/pura_remote_scan_scripted_input.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 */4 * * *"
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 1 */1 * *" is a valid cron schedule
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/pura_scan_apps.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 1 */1 * *"
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 6 * * 1" is a valid cron schedule
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/pura_send_email.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 6 * * 1"
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="* * * * *" is a valid cron schedule
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "* * * * *"
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: run once
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-rolling-upgrade/bin/complete.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: run once
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 15000 ms
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/selfupdate_modular_input.py
01-30-2024 20:53:10.046 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 300000 ms
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/supervisor_modular_input.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 15000 ms
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/uiassets_modular_input.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 15000 ms
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 * * * *" is a valid cron schedule
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 * * * *"
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/on_splunk_start.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: run once
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval="0 0 * * *" is a valid cron schedule
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/schedule_delete.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - cron schedule: "0 0 * * *"
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: run once
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/mc_auto_config.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 3600000 ms
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_alerts_ttl_modular_input.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 3600000 ms
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py
01-30-2024 20:53:10.047 +0000 INFO ExecProcessor [1379 ExecProcessor] - interval: 60000 ms
01-30-2024 20:53:10.109 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline structuredparsing disabled in default-mode.conf file
01-30-2024 20:53:10.129 +0000 WARN IntrospectionGenerator:resource_usage [1379 ExecProcessor] - SSLOptions - server.conf/[sslConfig]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security
01-30-2024 20:53:10.133 +0000 WARN IntrospectionGenerator:resource_usage [1379 ExecProcessor] - SSLCommon - PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
01-30-2024 20:53:10.147 +0000 WARN IntrospectionGenerator:resource_usage [1379 ExecProcessor] - SSLOptions - server.conf/[kvstore]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security
01-30-2024 20:53:10.148 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline remotequeuetyping disabled in default-mode.conf file
01-30-2024 20:53:10.148 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline remotequeueruleset disabled in default-mode.conf file
01-30-2024 20:53:10.148 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline remotequeueoutput disabled in default-mode.conf file
01-30-2024 20:53:10.149 +0000 INFO RfsOutputProcessor [1448 rfsoutput] - Initializing RfsOutputProcessor. config=\n
01-30-2024 20:53:10.149 +0000 INFO RfsOutputProcessor [1448 rfsoutput] - Loading configuration for RfsOutputProcessor
01-30-2024 20:53:10.149 +0000 INFO RfsDestination [1448 rfsoutput] - Start configuring rfsoutputs for scheme=file
01-30-2024 20:53:10.149 +0000 INFO RfsDestination [1448 rfsoutput] - mem_limit_bytes=1073741824 max_workers=4 max_jobs=4096
01-30-2024 20:53:10.149 +0000 INFO RfsDestination [1448 rfsoutput] - Finished configuring scheme=file num_dests=0
01-30-2024 20:53:10.149 +0000 INFO RfsDestination [1448 rfsoutput] - Start configuring rfsoutputs for scheme=s3
01-30-2024 20:53:10.149 +0000 INFO RfsDestination [1448 rfsoutput] - mem_limit_bytes=1073741824 max_workers=4 max_jobs=4096
01-30-2024 20:53:10.149 +0000 INFO RfsDestination [1448 rfsoutput] - Finished configuring scheme=s3 num_dests=0
01-30-2024 20:53:10.149 +0000 INFO RfsOutputProcessor [1448 rfsoutput] - No valid RfsOutputProcessors destinations found in outputs.conf across all supported remote storage schemes
01-30-2024 20:53:10.149 +0000 INFO RfsOutputProcessor [1448 rfsoutput] - RfsOutputProcessor configuration stored as pending, will be loaded soon.
01-30-2024 20:53:10.151 +0000 INFO TeeProcessor [1458 tee] - Initializing the tee processor.
01-30-2024 20:53:10.151 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline vix disabled in default-mode.conf file
01-30-2024 20:53:10.152 +0000 INFO IntrospectionGenerator:resource_usage [1379 ExecProcessor] - RU_main - I-data gathering (Resource Usage) starting; period=10s
01-30-2024 20:53:10.156 +0000 ERROR IntrospectionGenerator:resource_usage [1379 ExecProcessor] - RU - Mount '/' () is not interesting, iostats will not be collected.
01-30-2024 20:53:10.156 +0000 INFO IntrospectionGenerator:resource_usage [1379 ExecProcessor] - RU_main - I-data gathering (IO Statistics) starting; interval=60s
01-30-2024 20:53:10.156 +0000 INFO IntrospectionGenerator:resource_usage [1379 ExecProcessor] - RU_main - Starting I-data gathering (IOWait Statistics). Interval_secs=10
01-30-2024 20:53:10.189 +0000 INFO PipelineComponent [1093 MainThread] - Launching the pipelines for set 0.
01-30-2024 20:53:10.189 +0000 INFO TcpOutputProc [1359 indexerPipe] - _isHttpOutConfigured=NOT_CONFIGURED
01-30-2024 20:53:10.190 +0000 INFO MetricAlertManager [1445 SchedulerThread] - 0 active metric alerts (out of 0 total) are categorized into 0 groups.
01-30-2024 20:53:10.193 +0000 INFO CMBucketId [1359 indexerPipe] - CMIndexId: New indexName=_audit inserted, mapping to id=1
01-30-2024 20:53:10.193 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_0, idx=_audit, bid=_audit~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=3387759504, event timestamp=1706647977, reason=suitable bucket not found, hot_buckets=0, max=3, sourcetype=audittrail
01-30-2024 20:53:10.194 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_audit writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/audit/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_audit~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.194 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/audit/db duration=0.000
01-30-2024 20:53:10.194 +0000 INFO ServerRoles [1359 indexerPipe] - Declared role=indexer.
01-30-2024 20:53:10.197 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline set weights calculation timeout period has been set to value=30.000 seconds.
01-30-2024 20:53:10.197 +0000 INFO PipelineComponent [1093 MainThread] - Pipeline set number of tracking periods has been set to value=5.
01-30-2024 20:53:10.283 +0000 INFO TailingProcessor [1481 MainTailingThread] - TailWatcher initializing...
01-30-2024 20:53:10.283 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: batch://$SPLUNK_HOME/var/run/splunk/search_telemetry/*search_telemetry.json.
01-30-2024 20:53:10.285 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/splunk.
01-30-2024 20:53:10.285 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/splunk/...stash_hec.
01-30-2024 20:53:10.294 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/splunk/...stash_new.
01-30-2024 20:53:10.297 +0000 INFO ConfigWatcher [1099 HTTPDispatch] - Loaded configtracker settings with disabled=0 mode=auto log_throttling_disabled=1 log_throttling_threshold_ms=10.000 denylist= exclude_fields=
01-30-2024 20:53:10.300 +0000 INFO TailReader [1487 tailreader0] - Registering metrics callback for: tailreader0
01-30-2024 20:53:10.300 +0000 INFO TailReader [1487 tailreader0] - Starting tailreader0 thread
01-30-2024 20:53:10.300 +0000 INFO TailReader [1487 tailreader0] - tailreader0 waiting to be un-paused
01-30-2024 20:53:10.300 +0000 INFO TailReader [1488 batchreader0] - Registering metrics callback for: batchreader0
01-30-2024 20:53:10.300 +0000 INFO TailReader [1488 batchreader0] - Starting batchreader0 thread
01-30-2024 20:53:10.300 +0000 INFO TailReader [1488 batchreader0] - batchreader0 waiting to be un-paused
01-30-2024 20:53:10.296 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: batch://$SPLUNK_HOME/var/spool/splunk/tracker.log*.
01-30-2024 20:53:10.309 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/etc/splunk.version.
01-30-2024 20:53:10.309 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/introspection.
01-30-2024 20:53:10.309 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk.
01-30-2024 20:53:10.309 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/configuration_change.log.
01-30-2024 20:53:10.309 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/eura_*.
01-30-2024 20:53:10.309 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/jura_*.
01-30-2024 20:53:10.311 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/license_usage_summary.log.
01-30-2024 20:53:10.311 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/pura_*.
01-30-2024 20:53:10.311 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/splunk/splunk_instrumentation_cloud.log*.
01-30-2024 20:53:10.312 +0000 INFO TailingProcessor [1481 MainTailingThread] - Parsing configuration stanza: monitor://$SPLUNK_HOME/var/log/watchdog/watchdog.log*.
01-30-2024 20:53:10.313 +0000 INFO TailReader [1481 MainTailingThread] - State transitioning from 1 to 0 (initOrResume).
01-30-2024 20:53:10.313 +0000 INFO TailReader [1481 MainTailingThread] - State transitioning from 1 to 0 (initOrResume).
01-30-2024 20:53:10.313 +0000 INFO TailingProcessor [1481 MainTailingThread] - Adding watch on path: /opt/splunk/etc/splunk.version.
01-30-2024 20:53:10.313 +0000 INFO TailingProcessor [1481 MainTailingThread] - Adding watch on path: /opt/splunk/var/log/introspection.
01-30-2024 20:53:10.313 +0000 INFO TailingProcessor [1481 MainTailingThread] - Adding watch on path: /opt/splunk/var/log/splunk.
01-30-2024 20:53:10.313 +0000 INFO TailingProcessor [1481 MainTailingThread] - Adding watch on path: /opt/splunk/var/log/watchdog.
01-30-2024 20:53:10.313 +0000 INFO TailingProcessor [1481 MainTailingThread] - Adding watch on path: /opt/splunk/var/run/splunk/search_telemetry.
01-30-2024 20:53:10.313 +0000 INFO TailingProcessor [1481 MainTailingThread] - Adding watch on path: /opt/splunk/var/spool/splunk.
01-30-2024 20:53:10.315 +0000 INFO ConfigWatcher [1489 SplunkConfigChangeWatcherThread] - SplunkConfigChangeWatcher initializing...
01-30-2024 20:53:10.315 +0000 INFO ConfigWatcher [1489 SplunkConfigChangeWatcherThread] - Kernel File Notification is enabled on this instance. inotify will be used for configuration tracking.
01-30-2024 20:53:10.321 +0000 INFO ConfigWatcher [1489 SplunkConfigChangeWatcherThread] - Watching path: /opt/splunk/etc/system/local, /opt/splunk/etc/system/default, /opt/splunk/etc/apps, /opt/splunk/etc/users, /opt/splunk/etc/peer-apps, /opt/splunk/etc/instance.cfg
01-30-2024 20:53:10.321 +0000 INFO ConfigWatcher [1489 SplunkConfigChangeWatcherThread] - Finding the deleted watched configuration files (while splunkd was down) completed in duration=0 secs
01-30-2024 20:53:10.338 +0000 INFO CMBucketId [1359 indexerPipe] - CMIndexId: New indexName=_internal inserted, mapping to id=2
01-30-2024 20:53:10.338 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_0, idx=_internal, bid=_internal~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=3569368279, event timestamp=1706647990, reason=suitable bucket not found, hot_buckets=0, max=3, sourcetype=splunk_version
01-30-2024 20:53:10.339 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_internal writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_internaldb/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_internal~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.340 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_internaldb/db duration=0.000
01-30-2024 20:53:10.380 +0000 INFO loader [1099 HTTPDispatch] - Limiting REST HTTP server to 349525 sockets
01-30-2024 20:53:10.380 +0000 INFO loader [1099 HTTPDispatch] - Limiting REST HTTP server to 1324 threads
01-30-2024 20:53:10.380 +0000 WARN X509Verify [1099 HTTPDispatch] - X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) should not be used, as it is issued by Splunk's own default Certificate Authority (CA). This puts your Splunk instance at very high-risk of the MITM attack. Either commercial-CA-signed or self-CA-signed certificates must be used; see: <http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates>
01-30-2024 20:53:10.455 +0000 INFO UiHttpListener [1493 WebuiStartup] - Limiting UI HTTP server to 349525 sockets
01-30-2024 20:53:10.455 +0000 INFO UiHttpListener [1493 WebuiStartup] - Limiting UI HTTP server to 1324 threads
01-30-2024 20:53:10.468 +0000 INFO ProxyConfig [1493 WebuiStartup] - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.
01-30-2024 20:53:10.468 +0000 INFO ProxyConfig [1493 WebuiStartup] - Failed to initialize https_proxy from server.conf for splunkd. Please make sure that the https_proxy property is set as https_proxy=http://host:port in case HTTP proxying needs to be enabled.
01-30-2024 20:53:10.468 +0000 INFO ProxyConfig [1493 WebuiStartup] - Failed to initialize the proxy_rules setting from server.conf for splunkd. Please provide a valid set of proxy_rules in case HTTP proxying needs to be enabled.
01-30-2024 20:53:10.468 +0000 INFO ProxyConfig [1493 WebuiStartup] - Failed to initialize the no_proxy setting from server.conf for splunkd. Please provide a valid set of no_proxy rules in case HTTP proxying needs to be enabled.
01-30-2024 20:53:10.475 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" clustering mode is disabled
01-30-2024 20:53:10.682 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" splunk-dashboard-studio version is 1.11.9
01-30-2024 20:53:10.682 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" Content of /opt/splunk/etc/apps/splunk-dashboard-studio/kvstore_icon_status.conf is {}
01-30-2024 20:53:10.683 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" dashboard studio version is not matching uploaded version in splunk-dashboard-studio/kvstore_icon_status.conf. checking kvstore now ...
01-30-2024 20:53:10.683 +0000 INFO MetricSchemaProcessor [1454 typing] - channel confkey=source::/opt/splunk/var/log/introspection/disk_objects.log|host::7c50d4f7eef1|splunk_intro_disk_objects|CLONE_CHANNEL has an event with no measure, will be skipped.
01-30-2024 20:53:10.683 +0000 INFO MetricSchemaProcessor [1454 typing] - log messages will be throttled. POST to /services/admin/metric-schema-reload/_reload will force reset of the throttle counters
01-30-2024 20:53:10.684 +0000 INFO CMBucketId [1359 indexerPipe] - CMIndexId: New indexName=_introspection inserted, mapping to id=3
01-30-2024 20:53:10.685 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_0, idx=_introspection, bid=_introspection~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=198624182, event timestamp=1706647988, reason=suitable bucket not found, hot_buckets=0, max=3, sourcetype=splunk_disk_objects
01-30-2024 20:53:10.690 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_introspection writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_introspection/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_introspection~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.691 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_introspection/db duration=0.000
01-30-2024 20:53:10.691 +0000 INFO CMBucketId [1359 indexerPipe] - CMIndexId: New indexName=_metrics inserted, mapping to id=4
01-30-2024 20:53:10.691 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_0, idx=_metrics, bid=_metrics~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=198624182, event timestamp=1706647988, reason=suitable bucket not found, hot_buckets=0, max=6, sourcetype=splunk_intro_disk_objects
01-30-2024 20:53:10.693 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_metrics writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_metrics~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.693 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics/db duration=0.000
01-30-2024 20:53:10.694 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_1, idx=_metrics, bid=_metrics~1~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=198624182, event timestamp=1706647988, reason=suitable bucket not found, hot_buckets=1, max=6, sourcetype=splunk_intro_disk_objects
01-30-2024 20:53:10.694 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_metrics writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_metrics~1~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.695 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics/db duration=0.000
01-30-2024 20:53:10.695 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_2, idx=_metrics, bid=_metrics~2~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=198624182, event timestamp=1706647988, reason=suitable bucket not found, hot_buckets=2, max=6, sourcetype=splunk_intro_disk_objects
01-30-2024 20:53:10.696 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_metrics writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_metrics~2~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.697 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics/db duration=0.001
01-30-2024 20:53:10.740 +0000 INFO CMBucketId [1359 indexerPipe] - CMIndexId: New indexName=_configtracker inserted, mapping to id=5
01-30-2024 20:53:10.740 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_0, idx=_configtracker, bid=_configtracker~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=3270412173, event timestamp=1706647990, reason=suitable bucket not found, hot_buckets=0, max=3, sourcetype=splunk_configuration_change
01-30-2024 20:53:10.740 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_configtracker writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_configtracker/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_configtracker~0~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:10.741 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_configtracker/db duration=0.000
01-30-2024 20:53:10.756 +0000 WARN SSLOptions [1445 SchedulerThread] - server.conf/[search_state]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security
01-30-2024 20:53:10.756 +0000 WARN SSLOptions [1445 SchedulerThread] - server.conf/[search_state]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security
01-30-2024 20:53:11.090 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:11.090 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:11.318 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:23] [_set_app_config] [1442] Updating local node config, key=instance_id, value=53e41e45-c38d-4f72-9ea5-ca7b0fa29bc6
01-30-2024 20:53:11.429 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_alerts_ttl_modular_input.py" [ssg_alerts_ttl_modular_input.app:67] [setup_logging] [1490] splunk_secure_gateway_modular_input.log could not be created, will attempt to reinitialize in the next run of ssg_alerts_ttl_modular_input.app
01-30-2024 20:53:11.432 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:14] [ensure_instance_id] [1442] Updated instance_id, instance_id=53e41e45-c38d-4f72-9ea5-ca7b0fa29bc6
01-30-2024 20:53:11.703 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [1491] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:53:16.124 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:16.124 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:20.764 +0000 INFO NoahSearchPeerFetcher [1513 AuditSearchExecutor] - Fetch requested. sid=alertsmanager_1706648000.1 use_cache=1
01-30-2024 20:53:20.765 +0000 WARN SearchProcessRunner [1513 AuditSearchExecutor] - Preforked search process pool limits: max_search_process_pool=2048, manager_threads=1, enable_search_process_long_lifespan=1, max_search_process_per_manager=2048, max_idle_process_count=64, max_idle_process_memory=1048576
01-30-2024 20:53:21.003 +0000 WARN AlertsManager [1513 AuditSearchExecutor] - alerts migration to dynamoDB needed: false
01-30-2024 20:53:21.161 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:21.161 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:25.492 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42296 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:25.493 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2370] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:53:25.554 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42308 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:25.555 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42324 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:25.614 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42332 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:25.615 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42342 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:26.196 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:26.196 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:31.242 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:31.242 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:36.288 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:36.288 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:37.180 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44934 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:37.979 +0000 WARN DispatchReaper [1331 DispatchReaper] - Received shutdown signal during startup reaping and did not complete all reaping tasks. Reaping will be performed upon next startup.
01-30-2024 20:53:40.491 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34834 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:40.493 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34850 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:40.503 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34860 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:40.504 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34870 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:40.504 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2408] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:53:40.505 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34886 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:40.741 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:53:40.777 +0000 INFO NoahSearchPeerFetcher [1445 SchedulerThread] - Fetch requested. sid=scheduler__nobody_c3BsdW5rX21vbml0b3JpbmdfY29uc29sZQ__RMD54740dfff07b17ef1_at_1706647989_0 use_cache=1
01-30-2024 20:53:40.900 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_3, idx=_metrics, bid=_metrics~3~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=1142652131, event timestamp=1706648020, reason=suitable bucket not found, hot_buckets=3, max=6, sourcetype=splunk_metrics_log
01-30-2024 20:53:40.901 +0000 INFO MetricSchemaProcessor [1454 typing] - channel confkey=source::/opt/splunk/var/log/splunk/metrics.log|host::7c50d4f7eef1|splunk_metrics_log|CLONE_CHANNEL has an event with no measure, will be skipped.
01-30-2024 20:53:40.902 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_metrics writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_metrics~3~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:40.903 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics/db duration=0.001
01-30-2024 20:53:40.904 +0000 INFO IndexWriter [1359 indexerPipe] - Creating hot bucket=hot_v1_4, idx=_metrics, bid=_metrics~4~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD, path_crc32=1142652131, event timestamp=1706648020, reason=suitable bucket not found, hot_buckets=4, max=6, sourcetype=splunk_metrics_log
01-30-2024 20:53:40.904 +0000 INFO KeyManagerLocalhost [1514 TcpChannelThread] - Checking for localhost key pair
01-30-2024 20:53:40.904 +0000 INFO KeyManagerLocalhost [1514 TcpChannelThread] - Public key already exists: /opt/splunk/etc/auth/distServerKeys/trusted.pem
01-30-2024 20:53:40.904 +0000 INFO KeyManagerLocalhost [1514 TcpChannelThread] - Reading public key for localhost: /opt/splunk/etc/auth/distServerKeys/trusted.pem
01-30-2024 20:53:40.904 +0000 INFO KeyManagerLocalhost [1514 TcpChannelThread] - Finished reading public key for localhost: /opt/splunk/etc/auth/distServerKeys/trusted.pem
01-30-2024 20:53:40.904 +0000 INFO KeyManagerLocalhost [1514 TcpChannelThread] - Reading private key for localhost: /opt/splunk/etc/auth/distServerKeys/private.pem
01-30-2024 20:53:40.904 +0000 INFO KeyManagerLocalhost [1514 TcpChannelThread] - Finished reading private key for localhost: /opt/splunk/etc/auth/distServerKeys/private.pem
01-30-2024 20:53:40.905 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - idx=_metrics writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/_metrics/db' pendingBucketUpdates=1 innerLockTime=0.000. Reason='New hot bucket bid=_metrics~4~B66809E2-A0A5-4A9C-A2B7-C1189D2AAFCD bucket_action=add'
01-30-2024 20:53:40.905 +0000 INFO DatabaseDirectoryManager [1359 indexerPipe] - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/_metrics/db duration=0.001
01-30-2024 20:53:40.929 +0000 INFO DispatchStorageManager [1514 TcpChannelThread] - Remote storage disabled for search artifacts.
01-30-2024 20:53:41.329 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting
01-30-2024 20:53:41.329 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is starting, wait 5 seconds
01-30-2024 20:53:42.051 +0000 INFO ServerRoles [1321 KVStoreConfigurationThread] - Declared role=kv_store.
01-30-2024 20:53:42.052 +0000 INFO CertStorageProvider [1321 KVStoreConfigurationThread] - Updating status from starting to ready
01-30-2024 20:53:42.052 +0000 INFO CertStorageProvider [1321 KVStoreConfigurationThread] - Updating status from starting to ready
01-30-2024 20:53:42.052 +0000 INFO Rsa2FA [1321 KVStoreConfigurationThread] - Could not find [externalTwoFactorAuthSettings] in authentication stanza.
01-30-2024 20:53:42.052 +0000 INFO LoggedOutSessionManager [1321 KVStoreConfigurationThread] - Not enabling token invalidation. kvstore_enabled=1 kvstore_status=ready invalidateSessionTokensOnLogout=0
01-30-2024 20:53:46.380 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore current status is ready
01-30-2024 20:53:46.380 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" kvstore status is ready, start next step to upload icons
01-30-2024 20:53:46.391 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-laptop__52890fef-3a2c-46f8-bd0b-ed50e62b7290.svg, type is image/svg+xml
01-30-2024 20:53:46.428 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '64', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-laptop__52890fef-3a2c-46f8-bd0b-ed50e62b7290.svg"}'
01-30-2024 20:53:46.429 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-datacenters__440605f5-471f-4bba-ab7d-80e274222c77.svg, type is image/svg+xml
01-30-2024 20:53:46.442 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '69', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-datacenters__440605f5-471f-4bba-ab7d-80e274222c77.svg"}'
01-30-2024 20:53:46.442 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-active-directory__e03b60f5-d599-485e-bc89-67b86f2f80c7.svg, type is image/svg+xml
01-30-2024 20:53:46.454 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '74', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-active-directory__e03b60f5-d599-485e-bc89-67b86f2f80c7.svg"}'
01-30-2024 20:53:46.455 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-datastores__bc6a3e09-0548-405c-a5aa-916e6b8b5069.svg, type is image/svg+xml
01-30-2024 20:53:46.466 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '68', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-datastores__bc6a3e09-0548-405c-a5aa-916e6b8b5069.svg"}'
01-30-2024 20:53:46.467 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-gear__c99f1d12-649f-433a-890a-bbf5cf548a6a.svg, type is image/svg+xml
01-30-2024 20:53:46.480 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '62', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-gear__c99f1d12-649f-433a-890a-bbf5cf548a6a.svg"}'
01-30-2024 20:53:46.480 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-profile__f42da35c-8364-4004-94b8-ff02a7d0db83.svg, type is image/svg+xml
01-30-2024 20:53:46.491 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '65', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-profile__f42da35c-8364-4004-94b8-ff02a7d0db83.svg"}'
01-30-2024 20:53:46.492 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-mobile__b5237b27-e8b3-4c1e-b247-341eea64a063.svg, type is image/svg+xml
01-30-2024 20:53:46.503 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '64', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-mobile__b5237b27-e8b3-4c1e-b247-341eea64a063.svg"}'
01-30-2024 20:53:46.504 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-load-balancer__4a4261a1-51e2-45aa-b89d-2911d1ceac62.svg, type is image/svg+xml
01-30-2024 20:53:46.516 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '71', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-load-balancer__4a4261a1-51e2-45aa-b89d-2911d1ceac62.svg"}'
01-30-2024 20:53:46.516 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-server__3fcecd0d-1645-4745-bdec-9a612660b662.svg, type is image/svg+xml
01-30-2024 20:53:46.528 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '64', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-server__3fcecd0d-1645-4745-bdec-9a612660b662.svg"}'
01-30-2024 20:53:46.528 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-firewall__037c3797-3676-4b94-aa5f-01293cafab69.svg, type is image/svg+xml
01-30-2024 20:53:46.539 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '66', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-firewall__037c3797-3676-4b94-aa5f-01293cafab69.svg"}'
01-30-2024 20:53:46.540 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-users__229c9a8c-1b2e-4978-9d7e-4222e1d7a9b3.svg, type is image/svg+xml
01-30-2024 20:53:46.550 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '63', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-users__229c9a8c-1b2e-4978-9d7e-4222e1d7a9b3.svg"}'
01-30-2024 20:53:46.551 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-check__e29f784a-31a2-4544-813f-efce24d5be32.svg, type is image/svg+xml
01-30-2024 20:53:46.560 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '63', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-check__e29f784a-31a2-4544-813f-efce24d5be32.svg"}'
01-30-2024 20:53:46.560 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-datastore__6267aa47-166b-4079-9801-df148e603b43.svg, type is image/svg+xml
01-30-2024 20:53:46.569 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '67', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-datastore__6267aa47-166b-4079-9801-df148e603b43.svg"}'
01-30-2024 20:53:46.570 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-cloud__b26f30f1-329e-4739-89ab-0a8a8bd24e7d.svg, type is image/svg+xml
01-30-2024 20:53:46.579 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '63', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-cloud__b26f30f1-329e-4739-89ab-0a8a8bd24e7d.svg"}'
01-30-2024 20:53:46.580 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-datacenter__13a43013-4b5b-4553-a035-ebcb43b0bbcb.svg, type is image/svg+xml
01-30-2024 20:53:46.588 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '68', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-datacenter__13a43013-4b5b-4553-a035-ebcb43b0bbcb.svg"}'
01-30-2024 20:53:46.589 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" start saving to kvstore, name is icon-desktop__65679a5e-ea9f-4dfc-9a72-e31b0f8b10ef.svg, type is image/svg+xml
01-30-2024 20:53:46.598 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" complete saving to kvstore, response: {'date': 'Tue, 30 Jan 2024 20:53:46 GMT', 'expires': 'Thu, 26 Oct 1978 00:00:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0', 'content-type': 'application/json; charset=UTF-8', 'x-content-type-options': 'nosniff', 'content-length': '65', 'vary': 'Authorization', 'connection': 'Close', 'x-frame-options': 'SAMEORIGIN', 'server': 'Splunkd', 'status': '201'}, content: b'{"_key":"icon-desktop__65679a5e-ea9f-4dfc-9a72-e31b0f8b10ef.svg"}'
01-30-2024 20:53:46.598 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" splunk-dashboard-icons collection is successfully updated :: True
01-30-2024 20:53:46.598 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-dashboard-studio/bin/save_image_and_icon_on_install.py" /opt/splunk/etc/apps/splunk-dashboard-studio/kvstore_icon_status.conf is updated with {'default': {'uploadedVersion': '1.11.9'}}
01-30-2024 20:53:51.255 +0000 ERROR HttpListener [1514 TcpChannelThread] - Exception while processing request from 127.0.0.1:57774 for /servicesNS/nobody/splunk_instrumentation/storage/collections/data/instrumentation/instrumentation_deploymentID: Could not find object id=instrumentation trace="[0x000055790C5DE3A4] "? (splunkd + 0x197D3A4)";[0x000055790C9AADC1] "_ZN16TcpChannelThread4mainEv + 385 (splunkd + 0x1D49DC1)";[0x000055790DA7979E] "_ZN6Thread37_callMainAndDiscardTerminateExceptionEv + 14 (splunkd + 0x2E1879E)";[0x000055790DA7A6B3] "_ZN6Thread8callMainEPv + 147 (splunkd + 0x2E196B3)";[0x00007F94CF7351CA] "? (libpthread.so.0 + 0x81CA)";[0x00007F94CEAB8E73] "clone + 67 (libc.so.6 + 0x39E73)""
01-30-2024 20:53:51.270 +0000 INFO TelemetryHandler [1514 TcpChannelThread] - Telemetry Data Collection has been enabled for app=splunk_instrumentation for categories=License Usage.
01-30-2024 20:53:55.491 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57802 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:55.492 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2512] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:53:55.553 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57808 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:55.554 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57824 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:55.623 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57838 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:53:55.624 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57850 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:00.001 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59999, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:54:00.432 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45388 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:00.433 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 20:54:00.433 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 20:54:00.433 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 20:54:07.252 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45390 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.507 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50196 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.509 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50212 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.512 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50214 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.513 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2547] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:54:10.517 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50220 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.519 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50236 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.772 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50248 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:10.772 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:54:10.773 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [2548] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:54:25.498 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43572 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:25.499 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2580] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:54:25.557 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43576 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:25.559 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43590 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:25.618 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43592 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:25.619 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43604 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:37.323 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42544 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:40.545 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36140 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:40.546 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36146 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:40.555 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36150 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:40.556 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36166 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:40.608 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36168 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:40.610 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2605] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:54:40.893 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:54:55.501 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53862 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:55.502 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2626] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:54:55.564 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53866 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:55.565 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53870 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:55.630 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53882 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:54:55.631 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53886 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:55:00.354 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51856 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:00.355 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 20:55:00.355 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 20:55:00.355 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 20:55:07.379 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51868 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.426 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49720 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.427 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49722 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.499 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49724 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.500 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49732 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.548 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49738 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.549 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2658] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:55:10.683 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49750 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:10.684 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [2655] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:55:10.894 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:55:20.164 +0000 INFO IOWaitHealthReport [1379 ExecProcessor] - Starting IOWaitHealthReport
01-30-2024 20:55:25.349 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46436 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:25.350 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2689] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:55:25.428 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46440 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:25.430 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46454 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:25.492 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46456 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:25.493 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46470 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:37.505 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49392 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:40.436 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47696 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:40.438 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47704 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:40.500 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47718 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:40.501 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47734 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:40.565 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47746 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:40.566 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2717] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:55:40.952 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:55:55.465 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52178 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:55.466 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2738] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:55:55.536 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52186 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:55.537 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52202 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:55.598 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52218 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:55:55.599 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52228 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:00.060 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59940, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:56:00.452 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55886 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:00.453 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 20:56:00.453 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 20:56:00.453 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 20:56:07.572 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55892 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.496 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45434 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.498 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45438 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.568 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45440 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.569 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45448 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.608 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45456 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.609 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2776] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:56:10.750 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45464 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:10.750 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [2773] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:56:10.952 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:56:25.440 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44218 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:25.441 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2806] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:56:25.502 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44228 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:25.503 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44242 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:25.564 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44258 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:25.565 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44274 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:37.630 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54840 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:40.407 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57454 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:40.409 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57462 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:40.486 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57466 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:40.487 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57472 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:40.552 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57482 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:40.553 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2832] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:56:40.953 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:56:55.516 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37090 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:55.518 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2852] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:56:55.648 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37104 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:55.650 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37120 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:55.731 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37136 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:56:55.732 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37146 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:57:00.461 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54400 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:00.462 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 20:57:00.462 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 20:57:00.462 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 20:57:07.700 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54404 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.407 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42230 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.408 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42242 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.474 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42252 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.475 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42260 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.529 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42266 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.530 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2889] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:57:10.649 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42272 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:10.649 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [2886] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:57:10.953 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:57:25.299 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49304 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:25.300 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2917] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:57:25.367 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49320 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:25.369 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49326 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:25.438 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49330 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:25.440 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49338 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:37.766 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33260 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:40.345 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51540 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:40.346 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51556 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:40.388 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51572 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:40.389 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51580 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:40.451 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51594 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:40.453 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2950] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:57:40.952 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:57:55.310 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59874 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:55.311 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [2969] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:57:55.377 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59888 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:55.378 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59894 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:55.448 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59896 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:57:55.450 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59902 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:00.003 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59997, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:58:00.342 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40140 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:00.343 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 20:58:00.343 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 20:58:00.343 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 20:58:07.828 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40148 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.439 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43704 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.441 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43714 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.510 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43730 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.512 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43746 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.568 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43756 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.569 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3001] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:58:10.632 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43768 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.634 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43784 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.710 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:43790 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:10.711 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [2998] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:58:10.954 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:58:25.564 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60064 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:25.565 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60068 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:25.573 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60072 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:25.575 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60080 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:25.575 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60092 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:25.576 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3035] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:58:37.894 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35064 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:40.317 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33632 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:40.318 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3063] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:58:40.378 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33638 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:40.380 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33648 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:40.461 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33664 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:40.462 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33668 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:40.844 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:58:55.490 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60510 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:55.491 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60514 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:55.520 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60520 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:55.521 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60526 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:55.557 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60528 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:58:55.558 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3080] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:59:00.005 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59995, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 20:59:00.511 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47374 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:00.512 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 20:59:00.512 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 20:59:00.512 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 20:59:07.953 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47376 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.382 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53756 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.383 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53764 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.452 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53780 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.454 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3116] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:59:10.534 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53796 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.535 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53810 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.631 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53816 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:10.632 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3114] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 20:59:10.954 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:59:25.338 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42706 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:25.340 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42708 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:25.399 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42716 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:25.400 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42720 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:25.460 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42722 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:25.461 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3146] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:59:38.018 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59588 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:40.332 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40002 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:40.332 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3174] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 20:59:40.411 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40012 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:40.413 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40018 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:40.503 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40032 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:40.505 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40040 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:40.956 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 20:59:55.327 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33588 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:55.328 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33596 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:55.388 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33600 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:55.389 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33612 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:55.456 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33626 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 20:59:55.457 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3193] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:00:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:00:00.003 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=3599997, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py
01-30-2024 21:00:00.354 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51400 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:00.354 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:00:00.354 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:00:00.355 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:00:08.082 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51414 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.374 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46558 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.376 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46562 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.440 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46576 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.441 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3232] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:00:10.517 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46586 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.518 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46594 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.606 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46610 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:10.607 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3230] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:00:10.957 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:00:25.315 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55948 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:25.317 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55950 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:25.382 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55962 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:25.383 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55966 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:25.451 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55976 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:25.452 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3256] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:00:38.144 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41940 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:40.319 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34512 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:40.319 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3292] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:00:40.386 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34524 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:40.387 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34528 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:40.456 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34532 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:40.457 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34538 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:40.956 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:00:55.361 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34376 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:55.362 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34392 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:55.408 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34400 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:55.410 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34410 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:55.467 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34422 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:00:55.468 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3313] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:01:00.005 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59995, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:01:00.405 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34622 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" Traceback (most recent call last):
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py", line 188, in <module>
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" main()
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py", line 177, in main
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" telemetry_conf_service = services.telemetry_conf_service
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/service_bundle.py", line 28, in telemetry_conf_service
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" self._telemetry_conf_service.fetch()
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/telemetry_conf_service.py", line 56, in fetch
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" app=constants.INST_APP_NAME)
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/binding.py", line 290, in wrapper
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" return request_fun(self, *args, **kwargs)
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/binding.py", line 71, in new_f
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" val = f(*args, **kwargs)
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/binding.py", line 835, in request
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" 'body': body})
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/binding.py", line 1259, in request
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" response = self.handler(url, message, **kwargs)
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/etc/apps/splunk_instrumentation/bin/splunk_instrumentation/splunklib/binding.py", line 1402, in request
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" response = connection.getresponse()
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/lib/python3.7/http/client.py", line 1373, in getresponse
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" response.begin()
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/lib/python3.7/http/client.py", line 319, in begin
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" version, status, reason = self._read_status()
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/lib/python3.7/http/client.py", line 280, in _read_status
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" File "/opt/splunk/lib/python3.7/socket.py", line 589, in readinto
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" return self._sock.recv_into(b)
01-30-2024 21:01:00.408 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" ConnectionResetError: [Errno 104] Connection reset by peer
01-30-2024 21:01:00.453 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34626 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:00.454 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:01:00.454 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:01:00.454 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:01:08.211 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34634 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.405 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39878 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.407 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39884 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.498 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39894 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.499 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3347] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:01:10.594 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39896 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.595 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39900 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.693 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39914 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:10.693 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3345] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:01:10.956 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:01:25.297 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:32994 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:25.298 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33004 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:25.368 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33012 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:25.369 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33024 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:25.437 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:33038 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:25.438 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3374] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:01:38.269 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47068 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:40.316 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47894 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:40.317 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3404] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:01:40.379 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47898 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:40.381 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47902 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:40.446 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47906 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:40.448 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47914 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:40.957 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:01:55.402 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58260 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:55.404 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58262 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:55.471 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58272 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:55.472 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58280 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:55.533 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58288 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:01:55.534 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3422] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:02:00.003 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59997, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:02:00.395 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57786 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:00.395 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:02:00.395 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:02:00.395 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:02:08.331 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57796 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.382 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44640 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.383 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44652 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.450 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44662 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.450 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3459] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:02:10.528 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44676 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.529 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44686 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.613 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:44692 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:10.613 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3457] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:02:10.957 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:02:25.311 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39480 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:25.313 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39496 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:25.384 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39512 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:25.385 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39528 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:25.451 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39536 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:25.451 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3482] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:02:38.398 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59566 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:40.313 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53988 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:40.314 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3516] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:02:40.377 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54002 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:40.379 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54016 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:40.444 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54024 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:40.445 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54032 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:40.959 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:02:55.312 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48108 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:55.313 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48122 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:55.386 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48134 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:55.388 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48144 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:55.459 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48158 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:02:55.459 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3534] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:03:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:03:00.405 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47818 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:00.405 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:03:00.405 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:03:00.406 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:03:08.461 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47830 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.398 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39378 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.400 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39384 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.469 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39386 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.470 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3573] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:03:10.545 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39392 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.546 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39408 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.620 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39414 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.621 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39416 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.643 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39430 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:10.643 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3571] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:03:10.830 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:03:25.319 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50232 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:25.320 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50246 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:25.408 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50258 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:25.410 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50260 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:25.475 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50272 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:25.476 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3609] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:03:38.524 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59454 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:40.317 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37140 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:40.318 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3641] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:03:40.388 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37152 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:40.389 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37164 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:40.467 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37168 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:40.468 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37182 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:40.791 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:03:55.365 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41594 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:55.366 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41608 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:55.428 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41622 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:55.429 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41638 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:55.507 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41650 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:03:55.508 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3663] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:04:00.003 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59997, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:04:00.381 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49790 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:00.381 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:04:00.381 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:04:00.381 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:04:08.588 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49794 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.395 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36904 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.397 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36914 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.469 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36916 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.469 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3705] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:04:10.549 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36928 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.550 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36930 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.650 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36940 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:10.651 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3703] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:04:10.958 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:04:25.530 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58078 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:25.532 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58080 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:25.604 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58092 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:25.605 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58108 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:25.661 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58114 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:25.662 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3735] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:04:38.650 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41952 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:40.352 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57906 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:40.353 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3765] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:04:40.421 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57908 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:40.422 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57914 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:40.506 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57924 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:40.508 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57928 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:40.961 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:04:55.317 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50898 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:55.319 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50900 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:55.384 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50910 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:55.385 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50916 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:55.453 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50918 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:04:55.454 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3783] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:05:00.005 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59995, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:05:00.548 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52422 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:00.549 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:05:00.550 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:05:00.550 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:05:08.720 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52436 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.421 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46636 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.423 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46642 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.474 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46648 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.474 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3817] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:05:10.543 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46654 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.544 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46664 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.657 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46670 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:10.658 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3815] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:05:10.959 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:05:25.323 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40022 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:25.324 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40036 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:25.390 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40046 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:25.392 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40048 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:25.461 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40054 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:25.462 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3844] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:05:38.787 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35952 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:40.455 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45504 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:40.456 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3871] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:05:40.531 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45512 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:40.533 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45516 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:40.607 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45524 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:40.610 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45530 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:40.959 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:05:55.524 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55896 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:55.526 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55898 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:55.591 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55900 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:55.593 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55916 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:55.655 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55918 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:05:55.656 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3893] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:06:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:06:00.464 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51484 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:00.465 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:06:00.465 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:06:00.465 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:06:08.858 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51490 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.538 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47638 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.539 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47644 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.603 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47650 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.604 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3931] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:06:10.674 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47666 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.675 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47676 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.853 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47684 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:10.853 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:06:10.853 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [3929] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:06:25.472 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57060 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:25.474 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57066 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:25.541 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57080 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:25.542 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57082 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:25.604 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:57086 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:25.606 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3962] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:06:38.924 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39828 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:40.449 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48184 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:40.450 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [3987] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:06:40.520 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48200 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:40.521 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48206 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:40.591 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48216 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:40.593 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48224 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:40.960 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:06:55.492 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45788 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:55.494 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45800 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:55.545 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45814 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:55.547 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45822 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:55.618 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:45834 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:06:55.619 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4010] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:07:00.005 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59995, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:07:00.589 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58848 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:00.590 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:07:00.590 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:07:00.591 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:07:08.995 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58850 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:10.694 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46844 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:10.696 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46846 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:10.773 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46858 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:10.774 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4047] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:07:10.798 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:07:10.849 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46862 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:10.850 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46872 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:11.157 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46876 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:11.158 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4045] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:07:25.379 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59892 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:25.381 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59896 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:25.437 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59898 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:25.438 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59910 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:25.499 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59918 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:25.499 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4071] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:07:39.075 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42884 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:40.461 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46356 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:40.462 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4098] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:07:40.531 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46360 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:40.532 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46374 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:40.596 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46376 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:40.597 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46378 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:40.962 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:07:55.376 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35494 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:55.378 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35504 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:55.440 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35506 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:55.441 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35520 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:55.505 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35530 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:07:55.506 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4121] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:08:00.003 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59997, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:08:00.338 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53782 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:00.339 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:08:00.339 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:08:00.339 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:08:09.149 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53784 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.486 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58836 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.487 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58840 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.634 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58852 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.635 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4152] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:08:10.707 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58866 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.709 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58874 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.771 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58888 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.773 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58898 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.954 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:58904 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:10.954 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:08:10.955 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4151] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:08:25.386 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56372 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:25.388 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56378 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:25.436 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56394 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:25.437 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4185] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:08:25.517 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56400 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:25.518 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56406 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:39.208 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34934 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:40.359 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55002 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:40.361 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55004 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:40.441 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55010 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:40.442 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4214] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:08:40.526 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55026 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:40.530 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55042 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:40.964 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:08:55.480 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46338 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:55.482 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46346 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:55.510 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46348 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:55.511 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4241] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:08:55.574 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46360 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:08:55.576 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46368 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:00.005 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59995, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:09:00.374 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35092 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:00.375 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:09:00.375 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:09:00.375 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:09:09.270 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35096 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.337 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35906 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.337 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4271] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:09:10.408 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35910 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.409 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35912 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.482 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35924 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.484 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35932 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.630 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:35944 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:10.630 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4270] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:09:10.963 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:09:25.352 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39520 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:25.354 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39524 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:25.395 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39532 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:25.395 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4298] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:09:25.464 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39542 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:25.465 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:39558 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:39.332 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50402 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:40.384 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47470 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:40.385 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47486 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:40.445 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47498 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:40.446 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4327] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:09:40.525 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47502 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:40.526 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47518 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:40.964 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:09:55.341 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55736 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:55.342 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55744 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:55.388 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55750 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:55.389 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4353] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:09:55.465 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55762 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:09:55.466 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:55776 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:10:00.351 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37342 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:00.351 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:10:00.351 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:10:00.351 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:10:09.394 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:37344 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.390 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51868 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.390 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4382] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:10:10.465 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51874 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.466 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51888 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.537 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51898 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.538 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51914 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.627 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51920 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:10.628 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4381] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:10:10.966 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:10:25.352 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56502 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:25.353 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56516 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:25.403 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56530 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:25.404 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4411] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:10:25.471 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56544 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:25.472 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:56558 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:39.456 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54056 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:40.336 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48622 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:40.337 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48634 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:40.389 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48646 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:40.390 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4437] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:10:40.469 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48648 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:40.470 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:48660 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:40.965 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:10:55.344 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42056 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:55.345 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42062 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:55.394 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42066 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:55.395 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4460] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:10:55.461 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42076 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:10:55.462 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42084 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:00.020 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59980, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:11:00.367 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59794 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:00.367 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:11:00.368 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:11:00.368 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:11:09.539 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59800 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.406 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51458 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.407 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4492] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:11:10.467 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51472 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.468 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51484 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.516 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51488 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.517 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51490 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.706 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:51496 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:10.707 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4491] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:11:10.979 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:11:25.360 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59986 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:25.362 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:59998 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:25.411 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60012 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:25.412 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4523] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:11:25.480 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60022 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:25.481 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60036 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:39.604 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54680 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:40.360 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49978 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:40.361 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49990 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:40.413 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:49992 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:40.413 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4553] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:11:40.492 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50000 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:40.493 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:50002 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:40.981 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:11:55.367 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34790 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:55.368 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34804 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:55.415 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34816 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:55.415 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4578] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:11:55.487 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34822 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:11:55.488 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:34830 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:00.006 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59994, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:12:00.385 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40438 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:00.385 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:12:00.385 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:12:00.385 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:12:09.669 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:40446 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.510 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42412 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.511 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4607] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:12:10.587 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42418 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.591 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42420 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.646 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42424 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.647 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42432 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.785 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:42436 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:10.786 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4606] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:12:10.983 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:12:25.365 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41374 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:25.366 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41380 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:25.417 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41384 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:25.417 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4640] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:12:25.495 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41398 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:25.496 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:41408 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:39.730 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:60228 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:40.368 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54334 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:40.369 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54338 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:40.422 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54340 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:40.423 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4668] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:12:40.495 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54356 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:40.496 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:54368 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:40.985 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:12:55.377 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52866 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:55.379 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52882 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:55.433 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52884 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:55.434 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4693] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:12:55.498 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52896 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:12:55.499 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:52902 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:00.002 +0000 INFO ExecProcessor [1379 ExecProcessor] - setting reschedule_ms=59998, for command=/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py
01-30-2024 21:13:00.363 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53054 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:00.364 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Socket error communicating with splunkd (error=[Errno 104] Connection reset by peer), path = /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json
01-30-2024 21:13:00.364 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" WARNING Failed to get quarantine files settings: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/system/web-features/feature:quarantine_files?output_mode=json: [Errno 104] Connection reset by peer',)
01-30-2024 21:13:00.364 +0000 ERROR ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: 'NoneType' object is not subscriptable
01-30-2024 21:13:09.786 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:53066 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.364 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38930 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.366 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38940 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.455 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38946 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.457 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38950 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.531 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38954 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.532 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4725] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:13:10.612 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38956 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.614 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38958 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.713 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:38974 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:10.714 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py" [secure_gateway_enable.app:67] [setup_logging] [4723] splunk_secure_gateway_metrics.log could not be created, will attempt to reinitialize in the next run of secure_gateway_enable.app
01-30-2024 21:13:10.985 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
01-30-2024 21:13:25.356 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46932 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:25.357 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46940 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:25.412 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46952 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:25.413 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46954 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:25.467 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:46968 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:25.468 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4773] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:13:39.856 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:47616 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:40.345 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36496 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:40.346 +0000 INFO ExecProcessor [1379 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:156] [is_search_head] [4799] Search head query failed, error=Splunkd daemon is not responding: ('Error connecting to http://127.0.0.1:8089//services/server/roles: [Errno 104] Connection reset by peer',)
01-30-2024 21:13:40.411 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36512 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:40.413 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36516 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:40.479 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36532 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:40.480 +0000 WARN HttpListener [1099 HTTPDispatch] - Socket error from 127.0.0.1:36536 while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-30-2024 21:13:40.987 +0000 INFO TailReader [1487 tailreader0] - Batch input finished reading file='/opt/splunk/var/spool/splunk/tracker.log'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment