Splunk Forwarder 7.2.1 installed on a Windows 2016 instance cannot send logs/data to the indexer with version 7.1.3.
We have other Windows 2008 instances with the same configuration, which can successfully connect to the indexer.
We think that there is a bug with Splunk Forwarder on Windows 2016 instances.
(Firewall rules are checked and enabled.)
Here are the errors:
04-16-2019 13:46:14.222 +0000 INFO TcpOutputProc - Connection to x.x.x.x:9997 closed. sock_error = 10054. SSL Error = error:00000000:lib(0):func(0):reason(0)
04-16-2019 13:46:14.222 +0000 WARN TcpOutputProc - Possible duplication of events with channel=source::Perfmon:Process|host::XXXX|Perfmon:Process|, streamId=15911254072694239019, offset=8243074 on host=x.x.x.x:9997
04-16-2019 13:46:14.268 +0000 INFO TcpOutputProc - Connection to x.x.x.x:9997 closed. default Error in SSL_read = 10054, SSL Error = error:00000000:lib(0):func(0):reason(0)
04-16-2019 13:46:14.268 +0000 WARN TcpOutputProc - Applying quarantine to ip=x.x.x.x port=9997
04-16-2019 13:46:14.268 +0000 WARN TcpOutputProc - Possible duplication of events with channel=source::Perfmon:Process|host::XXXX|Perfmon:Process|, streamId=15911254072694239019, offset=11879036 on host=x.x.x.x:9997
Did you ever figure out a solution for this one?
Not really, the issue persists.