Getting Data In

Why does my Deployment Client not phone home with error "unable to resolve my hostname."?

Explorer

I have installed a universal forwarder on a Linux machine, and I configured it as a deployment client to phone a Splunk server at 192.168.1.28:8089. Unfortunately, it never does so.

My deploymentclient.conf is

[deployment-client]
disabled = false

[target-broker:deploymentServer]
targetUri = 192.168.1.28:8089

And I checked on the Client side with:
splunk display deploy-client
It outputs Deployment Client is enabled.

However, when I took a look at the splunkd.log, searching for DC(for Deployment Client), I saw lines:

Creating a DeploymentClient instance
unable to resolve my hostname. DeploymentClient is disabled.
....

I think this is the problem, but I cannot solve it. I don't know where the "hostname" thing is, so I don't know how to modify it.

Anyone please help me out! Cheers.

1 Solution

Influencer
 splunk set servername host.domain.com
 splunk set default-hostname host.domain.com
 splunk restart

If that doesn't work, you may also have to configure the hostname in Linux. The process will vary depending on what flavor of Linux you are running. Even if setting it in Splunk fixes your problem, I would still recommend configuring the hostname in Linux.

View solution in original post

Motivator

Check the firewall with the command on the client:

telnet ip port

If the DS is on a Windows box, make sure that the Windows firewall is either turned off or not blocking.

0 Karma

Explorer

Problem Sovled!!

Basically what I did is change the hostname of linux through "hostname xxx", and edited my /etc/hosts to map this xxx to 192.168.1.23 DONE!

0 Karma

SplunkTrust
SplunkTrust

A few things:

  1. Do you have any other clients that are able to checkin with the deployment server?
  2. Try setting the clientName = somedeployment.client.name setting in deploymentclient.conf
  3. I haven't seen this error before, but maybe check that the servername in etc/system/local/inputs and server.conf are resolvable
0 Karma

Explorer

Sorry I just found out I cannot update the detail of the question. So I just post my inputs.conf and server.conf here:

inputs.conf:
[default]
host = localhost.localdomain
server.conf:
[sslConfig]
sslKeysfilePassword = ....

[lmpool:auto_generated_poll_forwarder]
description = auto_genterated_poll_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_poll_free]
...

[general]
pass4SymmKey = ....
serverName = localhost.localdomain

0 Karma

Explorer
  1. No this is the only Client, And it cannot check in with the server.
  2. I tried to assign a name to it but it does not work.
  3. I check both config file it does seems a bit weird. I update the question please shed some light on it.
0 Karma

Influencer
 splunk set servername host.domain.com
 splunk set default-hostname host.domain.com
 splunk restart

If that doesn't work, you may also have to configure the hostname in Linux. The process will vary depending on what flavor of Linux you are running. Even if setting it in Splunk fixes your problem, I would still recommend configuring the hostname in Linux.

View solution in original post

Explorer

Hi mason,

I check my hostname is just localhost.localdomain. I know it's just from the system command "hostname". Could it be the reason why the client cannot phone home? Should I change it to the IP address of the universal forwarder?

0 Karma

Explorer

Hi mason,
just a quick update.

I just tried these two commands and I saw the changes have been done to inputs.conf and server.conf
(changing the hostname in inputs.conf and servername in server.conf to 192.168.1.23), but after i restarted the splunk and it still doesn't work and the log said the same thing as in the question.

0 Karma

Influencer

What flavor of Linux are you running?

0 Karma

Explorer

Fedora Linux

0 Karma

Influencer

Run through this: http://www.labtestproject.com/using_linux/permanently_change_hostname_on_fedora

Then, restart Splunk, and let us know if there's any improvement. If not, you may need to capture a diag and open a support case.

0 Karma

Explorer

Cheers mason, problem SOLVED!!

0 Karma

Influencer

Please choose "Accept Answer" so that your question is marked as resolved and future Splunkers can quickly find our solution. 🙂

0 Karma

Explorer

Cool.
My remaining question is how come nobody experienced this problem before?

0 Karma

SplunkTrust
SplunkTrust

is localhost.localdomain an entry in /etc/hosts? what do you get when you nslookup localhost.localdomain ?

0 Karma

Explorer

Hi muebel,

it is an entry in my /etc/hosts and it is mapped to 127.0.0.1 and nslookup tell me server cannot find localhost.localdomain.

I don't think this is the reason because I have already changed the hostname in inputs.conf as well as the servername in server.conf to 192.168.1.23(which is the ip address of the deployment client )

0 Karma

Splunk Employee
Splunk Employee

Check your configuration on the host, in the server.conf -

http://docs.splunk.com/Documentation/Splunk/6.2.5/admin/Serverconf

Additionally, make sure name resolution (DNS) is working on the box, that it can resolve it's own hostname and the hostname of the DS.

0 Karma

Explorer

Hi esix,

This is my server.conf, could you help me verify it?

server.conf:
[sslConfig]
sslKeysfilePassword = ....

[lmpool:auto_generated_poll_forwarder]
description = auto_genterated_poll_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_poll_free]
...

[general]
pass4SymmKey = ....
serverName = localhost.localdomain

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!