
Splunk Heavy Forwarders Issue


Hi All,

In our environment we have 1 Cluster Master server, 1 Deployment Master server, 8 indexers & 6 Search Head servers. Recently we installed heavy forwarders on two of our servers. Usually all configuration is done on the Deployment Master server, and from there we push it to the Cluster Master; this is how our environment has been set up.

For both heavy forwarders we have opened the required ports to listen from our Deployment Master and so on. When we tried to push some general apps from the Deployment Master server to both heavy forwarder servers, we could see that one of the heavy forwarders receives the apps and their configuration files pushed from the Deployment Master server, while the other heavy forwarder server does not receive any of them.

Even though the ports have been opened and the server details have been updated in the serverclass.conf file along with the app details, one heavy forwarder server still cannot communicate with the Deployment Master. We have restarted the Splunk forwarder too, but the issue still persists, so kindly help with this.


Re: Splunk Heavy Forwarders Issue


Hi anandhalagarasan,

First, verify that the connection between HF2 and the DS is open on the port used (8089); you can do this using telnet.

Then verify that iptables is open on the second HF.

Then verify that both HFs are configured as deployment clients (see $SPLUNK_HOME/etc/system/local/deploymentclient.conf) of the correct DS.

If they are OK, see if both HFs are in the DS client list.

Finally, check $SPLUNK_HOME/var/log/splunk/splunkd.log for connection problems.

Bye.
Giuseppe
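
The checks from the reply above, run on the heavy forwarder that is not receiving apps, as an added shell example that is not part of the original thread. The function names are hypothetical; it assumes `targetUri` is set under a `[target-broker:...]` stanza in the file it is given and that deployment-client log lines carry a `DC:` or `HttpPubSubConnection` component.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): deployment-client checks on a heavy forwarder.

# Print the targetUri (host:port) from the [target-broker:...] stanza of a deploymentclient.conf.
dc_target_uri() {
  awk -F= '
    /^[ \t]*\[/ { in_tb = ($0 ~ /^[ \t]*\[target-broker:/) }
    in_tb && $1 ~ /^[ \t]*targetUri[ \t]*$/ {
      gsub(/[ \t\r]/, "", $2); print $2; exit
    }' "$1"
}

# Succeed if a TCP connection to host:port opens within 5 seconds (the telnet test).
dc_port_open() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "${1%:*}" "${1##*:}" 2>/dev/null
}

# Print WARN/ERROR lines logged by deployment-client components in splunkd.log.
# Assumption: those components are named DC:* or HttpPubSubConnection.
dc_log_errors() {
  grep -E ' (WARN|ERROR) +(DC:|HttpPubSubConnection)' "$1"
}

# Run the checks in order against one conf file ($1) and one log file ($2).
dc_check() {
  uri=$(dc_target_uri "$1")
  if [ -z "$uri" ]; then
    echo "FAIL: no targetUri in $1 (not configured as a deployment client)"
    return 2
  fi
  echo "deployment server: $uri"
  if dc_port_open "$uri"; then
    echo "OK: tcp $uri reachable"
  else
    echo "FAIL: tcp $uri unreachable (network path or local iptables)"
  fi
  dc_log_errors "$2" | tail -n 20
}

# Usage: ./dc_check.sh [conf] [log]; defaults are the paths named in the reply.
if [ -n "${SPLUNK_HOME:-}" ]; then
  dc_check "${1:-$SPLUNK_HOME/etc/system/local/deploymentclient.conf}" \
           "${2:-$SPLUNK_HOME/var/log/splunk/splunkd.log}"
fi
```

Running it on both heavy forwarders and comparing the output shows at which step the second one diverges; the deployment server's client list still has to be checked on the DS itself.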
