Getting Data In

Why does my Deployment Client not phone home with error "unable to resolve my hostname."?

InkerzBrad
Explorer

I have installed a universal forwarder on a Linux machine, and I configured it as a deployment client to phone a Splunk server at 192.168.1.28:8089. Unfortunately, it never does so.

My deploymentclient.conf is

[deployment-client]
disabled = false

[target-broker:deploymentServer]
targetUri = 192.168.1.28:8089

And I checked on the Client side with:
splunk display deploy-client
It outputs Deployment Client is enabled.

However, when I took a look at the splunkd.log, searching for DC(for Deployment Client), I saw lines:

Creating a DeploymentClient instance
unable to resolve my hostname. DeploymentClient is disabled.
....

I think this is the problem, but I cannot solve it. I don't know where the "hostname" thing is, so I don't know how to modify it.

Anyone please help me out! Cheers.

1 Solution

masonmorales
Influencer
 splunk set servername host.domain.com
 splunk set default-hostname host.domain.com
 splunk restart

If that doesn't work, you may also have to configure the hostname in Linux. The process will vary depending on what flavor of Linux you are running. Even if setting it in Splunk fixes your problem, I would still recommend configuring the hostname in Linux.

View solution in original post

landen99
Motivator

Check the firewall with the command on the client:

telnet ip port

If the DS is on a Windows box, make sure that the Windows firewall is either turned off or not blocking.

0 Karma

InkerzBrad
Explorer

Problem Sovled!!

Basically what I did is change the hostname of linux through "hostname xxx", and edited my /etc/hosts to map this xxx to 192.168.1.23 DONE!

0 Karma

muebel
SplunkTrust
SplunkTrust

A few things:

  1. Do you have any other clients that are able to checkin with the deployment server?
  2. Try setting the clientName = somedeployment.client.name setting in deploymentclient.conf
  3. I haven't seen this error before, but maybe check that the servername in etc/system/local/inputs and server.conf are resolvable
0 Karma

InkerzBrad
Explorer

Sorry I just found out I cannot update the detail of the question. So I just post my inputs.conf and server.conf here:

inputs.conf:
[default]
host = localhost.localdomain
server.conf:
[sslConfig]
sslKeysfilePassword = ....

[lmpool:auto_generated_poll_forwarder]
description = auto_genterated_poll_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_poll_free]
...

[general]
pass4SymmKey = ....
serverName = localhost.localdomain

0 Karma

InkerzBrad
Explorer
  1. No this is the only Client, And it cannot check in with the server.
  2. I tried to assign a name to it but it does not work.
  3. I check both config file it does seems a bit weird. I update the question please shed some light on it.
0 Karma

masonmorales
Influencer
 splunk set servername host.domain.com
 splunk set default-hostname host.domain.com
 splunk restart

If that doesn't work, you may also have to configure the hostname in Linux. The process will vary depending on what flavor of Linux you are running. Even if setting it in Splunk fixes your problem, I would still recommend configuring the hostname in Linux.

InkerzBrad
Explorer

Hi mason,

I check my hostname is just localhost.localdomain. I know it's just from the system command "hostname". Could it be the reason why the client cannot phone home? Should I change it to the IP address of the universal forwarder?

0 Karma

InkerzBrad
Explorer

Hi mason,
just a quick update.

I just tried these two commands and I saw the changes have been done to inputs.conf and server.conf
(changing the hostname in inputs.conf and servername in server.conf to 192.168.1.23), but after i restarted the splunk and it still doesn't work and the log said the same thing as in the question.

0 Karma

masonmorales
Influencer

What flavor of Linux are you running?

0 Karma

InkerzBrad
Explorer

Fedora Linux

0 Karma

masonmorales
Influencer

Run through this: http://www.labtestproject.com/using_linux/permanently_change_hostname_on_fedora

Then, restart Splunk, and let us know if there's any improvement. If not, you may need to capture a diag and open a support case.

0 Karma

InkerzBrad
Explorer

Cheers mason, problem SOLVED!!

0 Karma

masonmorales
Influencer

Please choose "Accept Answer" so that your question is marked as resolved and future Splunkers can quickly find our solution. 🙂

0 Karma

InkerzBrad
Explorer

Cool.
My remaining question is how come nobody experienced this problem before?

0 Karma

muebel
SplunkTrust
SplunkTrust

is localhost.localdomain an entry in /etc/hosts? what do you get when you nslookup localhost.localdomain ?

0 Karma

InkerzBrad
Explorer

Hi muebel,

it is an entry in my /etc/hosts and it is mapped to 127.0.0.1 and nslookup tell me server cannot find localhost.localdomain.

I don't think this is the reason because I have already changed the hostname in inputs.conf as well as the servername in server.conf to 192.168.1.23(which is the ip address of the deployment client )

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Check your configuration on the host, in the server.conf -

http://docs.splunk.com/Documentation/Splunk/6.2.5/admin/Serverconf

Additionally, make sure name resolution (DNS) is working on the box, that it can resolve it's own hostname and the hostname of the DS.

0 Karma

InkerzBrad
Explorer

Hi esix,

This is my server.conf, could you help me verify it?

server.conf:
[sslConfig]
sslKeysfilePassword = ....

[lmpool:auto_generated_poll_forwarder]
description = auto_genterated_poll_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_poll_free]
...

[general]
pass4SymmKey = ....
serverName = localhost.localdomain

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...