Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why are deployment clients not showing up in deployment server?

Venkat_16
Contributor
‎02-28-2018 04:24 AM

The configurations are perfect and the ping and telnet are working between the deployment server and the client but am getting this log when I checked the internal logs.

INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected

this is was the response of netstat:
tcp        0      0 0.0.0.0:8089                0.0.0.0:*                   LISTEN
tcp        0    287 X1.X1.X1.X1:47010          X2.X2.X2.X2:8089              FIN_WAIT1

x1.x1.x1.x1 - client where agent is installed

x2.x2.x2.x2 - deployment server

Has anyone faced this issue? please, kindly advice.

0 Karma
Reply

mayurr98
Super Champion
‎02-28-2018 05:08 AM

can you try changing default hostname of the server which is most likely localhost.localdomain?
Also have you restarted the forwarder after configuration?
check the GUID of servers $SPLUNK_HOME/etc/instance.cfg do they contain same GUID? Delete the file on one of them and restart the UF, it will generate a new guid. Not 100% sure this causes the behavior you are observing, but risk-free to try.

Reply

Mason1493
Engager
‎07-29-2024 07:52 AM

This worked for me! I had the same scenario, DS up and running but no clients displayed, after I deleted the instance file, then restarted, and it is working now!

0 Karma
Reply

Venkat_16
Contributor
‎02-28-2018 05:14 AM

In the other client same configuration works...thats y i was confused

0 Karma
Reply

mayurr98
Super Champion
‎02-28-2018 05:33 AM

Some clients do show on the deployment server? if this is the case then try deleting $SPLUNK_HOME/etc/instance.cfg on the client which are not showing and then restart UF.

0 Karma
Reply

Venkat_16
Contributor
‎02-28-2018 06:04 AM

clients which show on delpyment server share below result:
tcp 0 287 X1.X1.X1.X1:47010 X2.X2.X2.X2:8089 ESTABLISHED

client which do not show share this result
tcp 0 287 X1.X1.X1.X1:47010 X2.X2.X2.X2:8089 FIN_WAIT1

0 Karma
Reply

p_gurav
Champion
‎02-28-2018 04:52 AM

Hi,

On Deployment client, can you run following command:
$SPLUNK_HOME/bin/splunk show deploy-poll

Did it shows deployment server IP?

0 Karma
Reply

Venkat_16
Contributor
‎02-28-2018 05:02 AM

Yes it does show the repose as :

Deployment Server URI is set to "X2.X2.X2.X2:8089".

0 Karma
Reply

p_gurav
Champion
‎02-28-2018 08:29 PM

Can you check internal logs of deployment client, at $SPLUNK_HOME/var/log/splunk/splunkd.log ?

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...