Getting Data In

Universal forwarder is not sending logs.

zachantinelling
Explorer

I am unable to get forwarders to show up in the console after installing server/forwarder. Getting "no clients or apps are currently available on this deployment server".

I installed Splunk version 8.0.3 on RHEL 7.7 Server, and configured the indexer to listen on 9997 and app server on 8088. Opened these ports on Linux server:

8000 - Web
8088 - App Server (The others show open but this port still shows closed when tested with a port scan, I noticed it is listening on 127.0.0.1:8088 where the others are 0:0:0:0:port)
8089 - Management Port
8191 - KV Store
9997 - Indexer

Installed Universal Forwarder on Windows 10 - 1909 x64 client using this command:

msiexec "-i \\pathtomsi.msi -qn -l C:\logpath.log AGREETOLICENSE=YES SPLUNKUSERNAME=USER SPLUNKPASSWORD=PASS RECEIVING_INDEXER=server.domain.net:9997 WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_SET_ENABLE=0 WINEVENTLOG_FWD_ENABLE=0"

Any idea what is going wrong here or what I can do to troubleshoot the issue?

0 Karma
1 Solution

zachantinelling
Explorer

Figured it out. I mistakenly left off the deployment server in the installation

View solution in original post

0 Karma

sensitive-thug
Splunk Employee
Splunk Employee

Hi @zachantinellingc . Did the answer below solve your question? If yes, please click “Accept” directly below the answer to resolve the post. If not, please comment with more information if you are still having issues.

0 Karma

zachantinelling
Explorer

Figured it out. I mistakenly left off the deployment server in the installation

0 Karma

PavelP
Motivator

Hello @zachantinellingc , you will get points if you mark your own post as solution

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...