1.Login to Splunk indexer & Splunk search head (ssh)
2.From indexer : Check splunk service is running : $SPLUNK_HOME/bin/splunk status
splunkd xxxx was not running.
Stopping splunk helpers...
couldn't send SIGTERM to pid xxxx: Operation not permitted
Couldn't send SIGTERM to some splunk helpers. [FAILED]
Error: Unable to stop splunk helpers.
From indexer : Goto >> $SPLUNK_HOME/var/run/splunk/
It should work.
Possibly Firewall issues:
From indexer :
telnet localhost 8089
Check 8089 port is listening
From search head:
telnet splunk-indexer 8089
check u can able to reach 8089 port of indexer
You should have allowed in firewall rules.