- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How do I troubleshoot Splunk Universal Forwarder c...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm facing 1 issue when try to install a Splunk universal forwarder in one of my job sites. Every time when I change its connection to 127.0.0.1 51112, it will fail after 3 minutes of waiting and reset the connection again. Therefore, data at my client site can't send to my server. Anyone of you encounter this issue before? Do you mind sharing your solution so I can resolve it?I able to telnet it and also splunk list forward server & splunk show deploy-poll is working well. Thank you very much.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Resolved as port 51112 is intermittently controlled by another app. Shifted to another port number.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Resolved as port 51112 is intermittently controlled by another app. Shifted to another port number.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What does your Splunk infrastructure look like? Is your Deployment Server also your indexer?
Are you receiving any data on your indexer?
Do you have port 9997 open between your Universal Forwarder and Indexer?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, yup~ i able to telnet port my port which mean the port is open already. I able to received data from my indexer before i install universal forwarder. But after i install Universal forwarder it can't working. Any details information i should provide to you?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you mean by "change its connection to 127.0.0.1 51112"? Why do you need to do that? From the little I see in your screenshot your configuration looks fine*.
You can check c:\program files\splunkforwarder\var\log\splunk\splunkd.log for errors, that might help point you in the right direction.
*Except having your system forward to the same place as your Deployment Server, but that shouldn't be an actual problem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It look fine in my splunk log and i got this message:
06-16-2016 10:13:26.851 +0800 INFO HttpPubSubConnection - Running phone uri=/services/broker/phonehome/connection_IPAddress
This should be correct right?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
127.0.0.1 51112 is the same as as point to localhost. I use Kepware 5.20 for extract all the data from my device and send to Splunk server. I will try to check the Splunk log see got any hints or not.
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
