Getting Data In

Azure VM - Won't report to Deployment server

spluzer
Communicator

Hey Splunksters,

I have an Azure VM that I put a forwarder on that is supposed to reach out to my on-prem deployment server (which I have successfully done in my separate development environment).  

(just a little backstory in case this helps anyone)
Originally it was installed using a script that pointed to the wrong Deployment server, so I uninstalled the forwarder - then reinstalled it pointing to the correct deployment server 

I checked the deploymentclient.conf and it is pointed correctly - restarted the service etc etc. - But none of the deployment apps are showing up on the client - and the DS GUI does not show the the client server in forwarding management

Ran a test-netconnection from the Azuer machine to the DS using the DS management port - and got TCP success

However, when I run test connection on the DS back to the Azure machine it fails -- Which would lead me to believe there is a firewall or isn't set to bi-directional port etc etc etc.

HOWEVER, my DEV setup gives me the exact same test connection failure going    FROM:   the DS  TO:  the Azure client machine ----BUT IT STILL WORKS (data comes in, apps deploy , etc in DEV ) ---so I'm confused

That's why I feel like I am taking crazy pills.  Considering doing a full reboot of the client machine, but that is not optimal at the moment. 

Thanks!

Labels (1)
Tags (1)
0 Karma
1 Solution

s2_splunk
Splunk Employee
Splunk Employee

The DS never reaches out to clients, connections are always initiated by the deployment client every phoneHomeInterval seconds. What hostname does the Azure VM present to the DS? Maybe it simply doesn't match any of your defined serverclass.conf entries?

You can try to set clientName in deploymentclient.conf to a static value that matches serverclass.conf rules to test this theory. Also, splunkd.log on the DC will provide clues; look for component=HttpPubSubConnection to see if the connection is successful. 

HTH

View solution in original post

0 Karma

s2_splunk
Splunk Employee
Splunk Employee

The DS never reaches out to clients, connections are always initiated by the deployment client every phoneHomeInterval seconds. What hostname does the Azure VM present to the DS? Maybe it simply doesn't match any of your defined serverclass.conf entries?

You can try to set clientName in deploymentclient.conf to a static value that matches serverclass.conf rules to test this theory. Also, splunkd.log on the DC will provide clues; look for component=HttpPubSubConnection to see if the connection is successful. 

HTH

View solution in original post

0 Karma

spluzer
Communicator

Thanks! I will check it out.  I guess I'm still a little confused.  In the past, after installing the forwarder, I could find the host in the forwarder management GUI- THEN I would set up a server class for that machine.  I don't see the host showing up at all in forwarder management.  However, I haven't had access to the machine yet, so I will check the logs you mentioned on the client side when I gain access...thanks again!

0 Karma

s2_splunk
Splunk Employee
Splunk Employee

Ah, yes. You are correct. It should show up as soon as it phones home, even without matching apps. Sorry I misunderstood your description.

So, likely there is some connectivity issue between the deployment client and the DS. Forwarder logs will have clues.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.