Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Universal forwarder is not sending logs.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am unable to get forwarders to show up in the console after installing server/forwarder. Getting "no clients or apps are currently available on this deployment server".
I installed Splunk version 8.0.3 on RHEL 7.7 Server, and configured the indexer to listen on 9997 and app server on 8088. Opened these ports on Linux server:
8000 - Web
8088 - App Server (The others show open but this port still shows closed when tested with a port scan, I noticed it is listening on 127.0.0.1:8088 where the others are 0:0:0:0:port)
8089 - Management Port
8191 - KV Store
9997 - Indexer
Installed Universal Forwarder on Windows 10 - 1909 x64 client using this command:
msiexec "-i \\pathtomsi.msi -qn -l C:\logpath.log AGREETOLICENSE=YES SPLUNKUSERNAME=USER SPLUNKPASSWORD=PASS RECEIVING_INDEXER=server.domain.net:9997 WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_SET_ENABLE=0 WINEVENTLOG_FWD_ENABLE=0"
Any idea what is going wrong here or what I can do to troubleshoot the issue?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Figured it out. I mistakenly left off the deployment server in the installation
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @zachantinellingc . Did the answer below solve your question? If yes, please click “Accept” directly below the answer to resolve the post. If not, please comment with more information if you are still having issues.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Figured it out. I mistakenly left off the deployment server in the installation
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @zachantinellingc , you will get points if you mark your own post as solution
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
