Getting Data In

Why am I getting "Connection to host=:9997 failed" after configuring a universal forwarder on Linux?

nitheeshp86
New Member

I have configured a universal forwarder on one of our Linux systems. When i check the logs it shows

Connection to host=192.168.2.1:9997 failed (where 192.168.2.1 is splunk enterprise ) server.

I have referred to this solution but didn't work http://answers.splunk.com/answers/49833/splunk-forwarder-connection-refused-from-splunk-indexer.html

0 Karma

MuS
Legend

hi nitheeshp86,

do the usual troubleshooting like:

cheers, MuS

0 Karma
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...