@isoutamo This is my settings.json.

{
    "liveServer.settings.AdvanceCustomBrowserCmdLine": "chrome",
    "editor.fontSize": 24,
    "workbench.editor.enablePreview": false,
    "splunk.commands.splunkRestUrl": "https://<SERVER_NAME>:8089",
    "splunk.commands.token": "<TOKEN>",
    "splunk.reports.SplunkSearchHead": "https://<SERVER_NAME>:8080",
    "notebook.lineNumbers": "on",
    "terminal.integrated.profiles.windows": {
        "PowerShell": {
            "source": "PowerShell",
            "icon": "terminal-powershell"
        },
        "Command Prompt": {
            "path": [
                "${env:windir}\\Sysnative\\cmd.exe",
                "${env:windir}\\System32\\cmd.exe"
            ],
            "args": [],
            "icon": "terminal-cmd"
        },
        "Git Bash": {
            "source": "Git Bash"
        },
        "Windows PowerShell": {
            "path": "C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
        }
    },
    "terminal.integrated.defaultProfile.windows": "Git Bash",
    "files.exclude": {
        "**/.git": false
    },
    "workbench.colorTheme": "Visual Studio Dark",
    "workbench.iconTheme": "vscode-icons",
    "liveServer.settings.donotShowInfoMsg": true,
    "workbench.commandPalette.history": 500,
    "settingsSync.ignoredSettings": [
    ]
}

I ran lsof -i | grep 8089 on the Splunk server and it's listening.

lsof -i | grep 8089
splunkd 62692 splunk 29u IPv4 581627143 0t0 TCP <SERVER_NAME>:59190-><SERVER_NAME>:8089 (ESTABLISHED)
java 66146 splunk 84u IPv4 927511885 0t0 TCP localhost:43216->localhost:8089 (ESTABLISHED)
splunkd 86761 splunk 4u IPv4 317159394 0t0 TCP *:8089 (LISTEN)
splunkd 86761 splunk 151u IPv4 927515713 0t0 TCP localhost:8089->localhost:43216 (ESTABLISHED)

I ran netstat -ano | find /i "8089"

TCP 0.0.0.0:8089 0.0.0.0:0 LISTENING 6080

Ran my splnb file in VSC, and reran the netstat command.

TCP 0.0.0.0:8089 0.0.0.0:0 LISTENING 6080
TCP 10.37.112.133:29160 10.100.47.105:8089 TIME_WAIT 0

Now I know an attempt was made. I started a Wireshark trace and reran my splnb file. The TLS handshake, certs, etc. seem to exchange without any issue. However, once my laptop sends application data, the Splunk server responds with "Encrypted Alert". My laptop responds to the "Encrypted Alert" with one of its own. Then a 4-way graceful disconnect.

How do I find out on the Splunk server what caused it to send an Encrypted Alert?

My SPL is

index=_internal | stats count by component

Thanks for your help. It is late here. Enjoy your weekend and God bless,
Genesius