Splunk forwarder on Linux won't show login when required (and also not able to phone home)

rune_hellem
Contributor

I've installed the forwarder on Ubuntu and it did get the apps from the deployment server right after the install. But it does not get any updates - it cannot phone home. What the root cause is, I'm still not yet sure, but for some reason, whenever I type a command on the forwarder that requires you to provide a valid username/password, nothing happens. The CLI does not show the request for the Splunk username: as it does on any of the Windows forwarders we have installed.

I'm pretty sure I will solve the phone home issue if I can solve the issue with username/password not showing, but no luck yet doing that.

0 Karma

gcusello
SplunkTrust

Hi @rune.hellem,
first, check the connection between the Forwarder and the Deployment Server:

telnet ip_deployment_server 8089

Then check if the Server is listed in the deployment client of the DS using GUI.

If it's on DS, click on the server and see if it's inserted in a ServerClass and if it's correct.

If all these checks are positive, check the permissions of the user used to run Splunk, if it has the grants to write files.

Ciao.
Giuseppe

0 Karma

rune_hellem
Contributor

Thanks, but ...

  • Telnet is fine, connects from the server as expected.
  • Actually, the server will immediately phone home, but at some point it loses the ability to phone home and it won't get any updates from the deployment server
  • Permissions are fine, I had that as an issue when installing as root, but after I installed using sudo that problem went away.

So I do believe that the issue with not connecting to the deployment server is, as the missing login prompt, a symptom for ...well, I do not know yet.

0 Karma

gcusello
SplunkTrust

Hi @rune.hellem,
about the other two items:

  • check if the Server is listed in the deployment client of the DS using GUI,
  • If it's on DS, click on the server and see if it's inserted in a ServerClass and if it's correct.

Ciao.
Giuseppe

0 Karma