Deployment Architecture

Splunk forwarder on Linux won't show login when required (and also not able to phone home)

Contributor

I've installed the forwarder on Ubuntu and it did get the apps from the deployment server right after the install. But it does not get any updates - it cannot phone home. What the root cause is, I'm still not yet sure, but for some reason, whenever I type a command on the forwarder that requires you to provide a valid username/password nothing happens. The cli does not show the request for the Splunk username: as it does on any of the Windows forwarders we have installed.

I'm pretty sure I will solve the phone home issue if I can solve the issue with username/password not showing, but no luck yet doing that.

0 Karma

Legend

Hi @rune.hellem,
at first check the connection between Forwarder and Deployment Server

telenet ip_deployment_server 8089

Then check if the Server is listed in the deployment client of the DS using GUI.

If it's on DS, click on the server and see if it's inserted in a ServerClass and if it's correct.

If all these check are positive, check the permission of the user used to run Splunk, if it has the grants to write files.

Ciao.
Giuseppe

0 Karma

Contributor

Thanks, but ...

  • Telnet is fine, connects from the server as expected.
  • Actually, the server will immediately phone home, but at some point it looses the ability to phone home and it won't get any updates from the deployment server
  • Permissions are fine, I had that as an issue when installing as root, but after I installed using sudo that problem went away.

So I do believe that the issue with not connecting to the deployment server is, as the missing login prompt, a symptom for ...well, I do not know yet.

0 Karma

Legend

Hi @rune.hellem,
about the other two items:

  • check if the Server is listed in the deployment client of the DS using GUI,
  • If it's on DS, click on the server and see if it's inserted in a ServerClass and if it's correct.

Ciao.
Giuseppe

0 Karma