I have a Splunk Server on Ubuntu and a Splunkforwarder on Ubuntu too.
I want to add the splunkforwarder to distributed search on the Splunk server, but when I try to add it, the error below is generated:
Encountered the following error while trying to save: In handler 'distsearch-peer': Error while sending public key to search peer: Connection reset by peer
How can I fix this problem?
Check out the local instance's splunkd.log. It's possible a universal forwarder can't be added as a search peer since it's not capable of handling searches. Otherwise it could simply be a permissions issue since the user must be an admin on both systems.