Archive
Highlighted

I have install splunk forwarder , but the splunk enterprise can't detect it

Path Finder

I have install splunk forwarder , but the splunk enterprise can't detect it.
Both machine on the same subnet. I use IP.

Tags (1)
0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Influencer

HI,

I suppose you mean the forwarder is not phoning home and is not visible in your deployment server??

check your config on your forwarder, It should have a deploymentclient.conf looking like this

[deployment-client]

[target-broker:deploymentServer]
targetUri = deploymentserver.splunk.mycompany.com:8089

For more reference see https://docs.splunk.com/Documentation/Splunk/7.2.3/Updating/Configuredeploymentclients

Do you allready have enabled the deploymentserver as well?

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Path Finder

how to enable deployment server?

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Influencer

On your deployment server, just create a app in $SPLUNK_HOME/splunk/etc/deployment-apps/

this app can be totaly empty, you just need the folder, just call it first_app,

Then restart your deplyomentserver and you will have under settings-> Forwarder Managment your UI for your deployment server.

Check out these docs for more knowlegde about deployment server

https://docs.splunk.com/Documentation/Splunk/7.2.3/Updating/Aboutdeploymentserver

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Path Finder

could you give me more information?
I don't really know splunk.
deployment server equal splunk forwarder clientr?
how to create a app?just an empty file?
I am in windows. Please try to give me GUI guide lines

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Influencer

You should really check out the docs

About Deployment server:

https://docs.splunk.com/Documentation/Splunk/7.2.3/Updating/Aboutdeploymentserver

How to set up forwarder to sent data to your indexer:

https://docs.splunk.com/Documentation/Splunk/7.2.3/Indexer/forwardersdirecttopeers

If you want to have futher insight you really should think about getting started with splunk education https://www.splunk.com/en_us/training.html

The first one "Splunk Fuandamentals" is for free. The topic of deployment will be covered in a later course though.

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Path Finder

My result is no client phone home.

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Influencer

Make sure that your forwarder got the deployment client config, like written earlier.

in $SPLUNK_HOME/splunkforwarder/etc/apps/

create new folder "deploymentclient_app", than create a local folder and then create a deploymentclient.conf in local

Paste this into deploymentclient.conf

 [deployment-client]

 [target-broker:deploymentServer]
 targetUri = deploymentserver.splunk.mycompany.com:8089

Exchange deploymentserver.splunk.mycompany.com with the ip or dns name of your deploymentserver.

Then restart the forwarder. Sometime it does take some time until the forwader will then appear in your forwarder management.

Hope that helps.

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Path Finder

you mean make the deployment .conf in new folder "deploymentclient_app"?
still no client phone home

0 Karma
Highlighted

Re: I have install splunk forwarder , but the splunk enterprise can't detect it

Influencer

no.

  1. Create in $SPLUNKHOME/splunkforwarder/etc/apps an new app called what ever you like, e.g deploymentclientapp
  2. Create in $SPLUNKHOME/splunkforwarder/etc/apps/deploymentclientapp/ a folder "local"
  3. Create a new file "deploymentclient.conf" in $SPLUNKHOME/splunkforwarder/etc/apps/deploymentclientapp/local/
  4. Copy the content [deploymentclient] ... into $SPLUNKHOME/splunkforwarder/etc/apps/deploymentclient_app/local/deploymentclient.conf

Hope that makes it clearer.

0 Karma