- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Why am getting error "There are currently no forwa...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why am getting error "There are currently no forwarders configured as deployment clients to this instance" on my Sandbox after installing a universal forwarder on my server?
I installed the universal forwarder to my server, specified by sandbox host-url and port 9997 in the command "./splunk add forward-server host:port -auth authname:password" and when I go to my Sandbox to add data, and select 'forward' I get the error that 'There are currently no forwarders configured as deployment clients to this instance'. What am I missing here?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It would appear that the sandbox "forward wizard" is assuming that all forwarders would be set up as "deployment clients" (see: http://docs.splunk.com/Documentation/Splunk/6.2.0/Updating/Aboutdeploymentserver ) in order to push configs to them. I did not see this covered in my poking around on sandbox so I think you are rightly confused. You can either set up your inputs manually which is covered in the documentation pretty well (here: http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Usingforwardingagents) as well as this answer:
http://answers.splunk.com/answers/50082/how-do-i-configure-a-splunk-forwarder-on-linux.html
OR
you can get your forwarder set up as a deployment client and use the wizard to get your sandbox instance to push configs to your forwarder. The command for pointing a forwarder at a deployment server on linux is as follows:
su splunk -c "/opt/splunkforwarder/bin/splunk set deploy-poll "
BTW, in my sandbox, receiving on tcp port 9997 was enabled by default so doing so should not be necessary.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've also tried to get this going myself since I am seeing a lot of similar questions from folks having problems. For one thing, I learned that the sandbox server needs to have input- appended to the hostname in order to actually connect to the correct IP. After you get this far, you will probably see as I did that your connection to sandbox gets reset, this appears to be because splunk has made some changes to make this "easier". There are apparently some embedded credentials in a special forwarder package which need to be used. I guess this is not going to work for the universal forwarder that I installed on my Raspberry Pi. Hopefully they will improve the documentation as there is nothing to guide even experienced splunk users to getting this connection to work manually. See the last comment on this question for a clue about why so many might be having issues with sandbox trial inputs:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
EDIT: The following helped get this working!
- Log into your sandbox instance and click on Universal Forwarder from your launch page.
- Click on the button to download the cloud credentials.
- Install this as an app on your forwarder ( /opt/splunkforwarder/bin/splunk install app /PATH/TO/splunkcouduf.spl )
- Make sure your output is named splunkcloud in your outputs.conf - mine is below
Restart splunk
[tcpout]
defaultGroup = splunkcloud[tcpout:splunkcloud]
server = input-prd-p-MYSERVERID.cloud.splunk.com:9997
Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!
Preparing your Splunk Environment for OpenSSL3
Incident Response: Reduce Incident Recurrence with Automated Ticket Creation
