Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SplunkForwarder Not Working

yashika26
Explorer
‎09-11-2013 03:30 AM

Hi,

I am new to Spunk and have created a basic Splunk Server and SplunkForwarder(Client).
On Client, it is showing me error:

09-11-2013 21:14:12.022 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-11-2013 21:14:12.022 +0530 DEBUG DeploymentClient - Handshake not yet finished. will continue retrying with a rate of '12000 secs'

But when I execute splunk list forward-server , the output is like

"Active forwards:
192.168.145.20:9997
Configured but inactive forwards:
None"

On the Splunk Server: splunk list deploy-clients results into

"No deployment clients have contacted this server".

I am not able to find the reason why the client is not able to contact server.
Appreciate your help.

Tags (1)
0 Karma
Reply

Ayn
Legend
‎09-11-2013 03:44 AM

forward-server is not the same thing as deployment server. forward-server just tells you which server(s) a forwarder is sending its events to, whereas a deployment server is something you setup for distributing apps from a central repository to client Splunk instances.

To get a deployment architecture working, you need to enable the deployment server, and also make sure that port 8089 on the deployment server is available from the systems you will use as deployment clients. More information here: http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Aboutdeploymentserver

Reply

yashika26
Explorer
‎09-11-2013 03:54 AM

As per the Splunk Documentation:
Configure universal forwarder to act as a deployment client (optional). To do this, just specify the deployment server:

  splunk set deploy-poll <host>:<port>

where:

is the deployment server's hostname or IP address and is the port it's listening on.
This step also automatically enables the deployment client functionality.

I just did this step.

0 Karma
Reply

Ayn
Legend
‎09-11-2013 03:49 AM

Read the docs I linked to.

Reply

yashika26
Explorer
‎09-11-2013 03:47 AM

Ayn, can you let me know how to configure a deployment client. I think I have mistaken deployment-client as forward-server.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...