Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to test a linux forwarder connection to deployment server?

Lwoods
Path Finder
‎06-14-2023 06:23 AM

Hello,

I've completed the following:

1. Installed Linux forwarder. 

2. Assigned ownership and permissions to splunk user and group

3.  started splunk and accepted license

4. entered admin credentials

5. typed in "./splunk enable boot-start -systemd-managed 1 -user splunk -group splunk.

6.  typed in "./splunk set deploy-poll   mysplunkservertest.com:8089

7. Verified deployment.conf file and the uri

8. restarted splunk.

 Now,  how do I test the connection from the forwarder to the deployment server?

thanks

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-14-2023 07:50 AM

Step 5 must be performed by root.

Verify the deployment server (DS) is running.  Confirm the UF is allowed by the network to connect to the DS.

Check splunkd.log on the UF for messages from the "DC" component to confirm the UF is able to connect or for any errors attempting to connect.

If successful, you should see the UF in the DS.  Go to Settings->Forwarder Management.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...