All Apps and Add-ons

Problem Setting up Data Collection Node on VMware app

Path Finder

We are trying to setup the Splunk app for VMware and on the data collection node we are having issues. We see it as an active forwarder on the OVA server (centOS box), in splunk UI we have the URI - http:(slashslash)localhost:8089, user, password and worker process is 3.

It says "could not reach host"

Not sure what we could be missing

0 Karma

Path Finder

From your scheduler try this:

curl -k https://<DCN>:8089

You should get an XML doc back, if not you have a network problem.

There is a hidden dashboard that may help as well, https:///en-US/app/splunk_for_vmware/hydra_framework_status. Was invaluable for troubleshooting, just make sure you DCN is forwarding it's logs.

http://docs.splunk.com/Documentation/VMW/3.1.3/Configuration/Createadatacollectionnode#Enable_troubl...

0 Karma

Communicator

my DCN doesnot forward any logs to scheduler

I've setup DCN by following instructions in this page http://docs.splunk.com/Documentation/VMW/3.1.3/Configuration/Createadatacollectionnode

does DCN also runs scheduler ?

0 Karma

Path Finder

anyone have an update on this? if i run the curl -k command I get a curl: (35) SSL connect error.

0 Karma

Explorer

Any updates on this case? I have same problem.

0 Karma

Builder

were you able to fix this?

0 Karma

Splunk Employee
Splunk Employee

You said;

in splunk UI we have the URI -
http:(slashslash)localhost:8089, user,
password and worker process is 3.

"localhost" should not be a host name of the virtual machine you created from an ova file.
Try IP address of the virtual machine where DCN is running if you do not have a FQDN to resolve host name.

0 Karma

Path Finder

We just get
Credential Validation: X Could not reach host
Add-on Validation: X Could not reach host

I've followed the docs and the youtube setup video, i just dont see what I'm doing wrong.

0 Karma

Splunk Employee
Splunk Employee

You said;

It says "could not reach host"

According to the document, you should check two things

  1. Password is not default
  2. Network is not blocking port 8008/8089
0 Karma

Path Finder

yeah we tried the IP and FQDN, both a no go.

0 Karma

Splunk Employee
Splunk Employee

Just to do a sanity check:

  • You must use https NOT http.
  • You must use the Splunk username 'admin' and the associated password for Splunk on the OVA (Remember you have had to change this password to something other than the default 'changeme')
  • Splunk must be running
0 Karma

Path Finder

We have a splunk indexer/searchhead and a deployment server. the localhost is the indexer/sh. Then indexer/sh is a physical machine, the deployment server is a virtual machine.

The problem is some network issue between the indexer and the OVA that we downloaded with the VMware app

0 Karma

Splunk Employee
Splunk Employee

localhost:8089? Do you have two Splunk instances in one physical or virtual server?

0 Karma

Path Finder

Yes for all 3. You are Sane, well so am I as well.

0 Karma