Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SplunkForwarder Not Working

yashika26
Explorer
‎09-11-2013 03:30 AM

Hi,

I am new to Spunk and have created a basic Splunk Server and SplunkForwarder(Client).
On Client, it is showing me error:

09-11-2013 21:14:12.022 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-11-2013 21:14:12.022 +0530 DEBUG DeploymentClient - Handshake not yet finished. will continue retrying with a rate of '12000 secs'

But when I execute splunk list forward-server , the output is like

"Active forwards:
192.168.145.20:9997
Configured but inactive forwards:
None"

On the Splunk Server: splunk list deploy-clients results into

"No deployment clients have contacted this server".

I am not able to find the reason why the client is not able to contact server.
Appreciate your help.

Tags (1)
0 Karma
Reply

Ayn
Legend
‎09-11-2013 03:44 AM

forward-server is not the same thing as deployment server. forward-server just tells you which server(s) a forwarder is sending its events to, whereas a deployment server is something you setup for distributing apps from a central repository to client Splunk instances.

To get a deployment architecture working, you need to enable the deployment server, and also make sure that port 8089 on the deployment server is available from the systems you will use as deployment clients. More information here: http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Aboutdeploymentserver

Reply

yashika26
Explorer
‎09-11-2013 03:54 AM

As per the Splunk Documentation:
Configure universal forwarder to act as a deployment client (optional). To do this, just specify the deployment server:

  splunk set deploy-poll <host>:<port>

where:

is the deployment server's hostname or IP address and is the port it's listening on.
This step also automatically enables the deployment client functionality.

I just did this step.

0 Karma
Reply

Ayn
Legend
‎09-11-2013 03:49 AM

Read the docs I linked to.

Reply

yashika26
Explorer
‎09-11-2013 03:47 AM

Ayn, can you let me know how to configure a deployment client. I think I have mistaken deployment-client as forward-server.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...