Splunk App for Stream: How to troubleshoot error "Unable to ping server"?

ahmedhassanean
Explorer

Dears,

I have installed Splunk 6.3.2 and Splunk App for Stream, but unfortunately, no data can be indexed and the errors below appeared:

Unable to ping server (<server id>): Unable to establish connection to localhost: Connection refused 
No capture devices found (no matches): (en|eth)[0-9]+

I have checked inputs.conf in /opt/splunk/etc/apps/Splunk_TA_stream/local and it's as below:

[streamfwd://streamfwd]
splunk_stream_app_location = http://localhost:8000/en-us/custom/splunk_app_stream/
stream_forwarder_id =
disabled = 0

Please advise.
Thanks in advance.

0 Karma

vshcherbakov_sp
Splunk Employee

Hello ahmedhassanean,

Can you open http://localhost:8000/en-us/custom/splunk_app_stream/ping URL in a browser?

I presume you have "full" Splunk App Stream (i.e. not just Splunk_TA_Stream) installed on localhost, correct? If not, you need to install it. If Splunk is running with SSL enabled, you need to use https:// instead of http://

Regarding the "No capture devices found" error: what is your OS? What does the ifconfig command return? Have you run the sudo ./setuid.sh script in /opt/splunk/etc/apps/Splunk_TA_stream/?

ahmedhassanean
Explorer

I am running Red Hat 7.1 and I already ran ./setuid.sh, but the problem was solved when I edited the configuration file and specified the interfaces that I want App Stream to capture data from, despite the default behavior being that it must capture data from all interfaces 🙂

tbaublys_splunk
Splunk Employee

I had the same error but another root cause: I changed the server port after installing the Stream app but before configuring it. To resolve it, I had to set the correct port in the local inputs.conf in the Splunk_TA_stream folder.

0 Karma

vshcherbakov_sp
Splunk Employee

Great! Glad to hear you were able to resolve this problem. The default behavior is to capture on interfaces matching the (en|eth)[0-9]+ regex, and it seems like newer versions of Red Hat have a different naming convention for network interfaces.

0 Karma
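
The regex mismatch described in the reply above, as an added example that is not part of the original thread: this script checks interface names against the default pattern (en|eth)[0-9]+ quoted in the error message. The sample name lists are constructed, and whole-name matching is an assumption about how the forwarder applies the pattern.

```shell
#!/bin/sh
# Pattern quoted in the "No capture devices found" error on this page.
DEFAULT_REGEX='(en|eth)[0-9]+'

# Print local interface names, one per line (Linux sysfs).
list_ifaces() {
    for p in /sys/class/net/*; do
        [ -e "$p" ] && basename "$p"
    done
    return 0
}

# Read names on stdin; print those the regex in $1 matches.
# Assumption: the whole name must match, hence grep -x.
capture_candidates() {
    grep -E -x -e "$1" || true
}

# Read names on stdin; print non-loopback names the regex in $1 skips.
skipped_ifaces() {
    grep -E -v -x -e "$1" | grep -v -x -e 'lo' || true
}

# Read names on stdin; return 0 if any name matches, 1 otherwise.
check_capture() {
    regex=$1
    names=$(cat)
    hits=$(printf '%s\n' "$names" | capture_candidates "$regex" | tr '\n' ' ')
    if [ -n "$hits" ]; then
        printf 'matched by %s: %s\n' "$regex" "$hits"
        return 0
    fi
    skipped=$(printf '%s\n' "$names" | skipped_ifaces "$regex" | tr '\n' ' ')
    printf 'nothing matches %s; present: %s\n' "$regex" "$skipped"
    return 1
}

# Constructed samples: classic names vs. predictable names as seen on RHEL 7.
CLASSIC=$(printf 'lo\neth0\neth1')
RHEL7=$(printf 'lo\nens192\nenp0s3\neno1')

printf '%s\n' "$CLASSIC" | check_capture "$DEFAULT_REGEX" || true
printf '%s\n' "$RHEL7" | check_capture "$DEFAULT_REGEX" || true
# On the affected host: list_ifaces | check_capture "$DEFAULT_REGEX"
```

A "nothing matches" result on the live host reproduces the "No capture devices found" condition and lists the interface names that would need to be specified explicitly.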