- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
indexer configured but inactive on new Linux servers
I have been working on configuring splunk on the new Linux servers that were added to our environment. I ran into some issues and would appreciate if you can help me with these. The splunk server installed in our environment is version 4.1.3. I have installed splunkforwarder-6.1 on the linux server and configured it to forward to the indexer. When I list the forward servers, It shows the indexer as configured but inactive. I have checked all the input.conf and output.conf files on the forwarder. Is this any issue of incompatibility between splunk 4.1 and splunkforwarder-6.1?
What is the best way to make this work ? update my indexer?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk 6 forwarders are not compatible to 4.x indexers..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, typo its inputs.conf
From the metrics log it looks like its trying and failing. I don't see any erroe message why is it failing.
06-18-2014 13:11:01.595 -0400 INFO StatusMgr - destHost=XXXXX, destIp=XXXX, destPort=9997, eventType=connect_try, publisher=tcpout, sourcePort=8089, statusee=TcpOutputProcessor
06-18-2014 13:11:08.452 -0400 INFO StatusMgr - destHost=XXXX, destIp=XXXX, destPort=9997, eventType=connect_fail, publisher=tcpout, sourcePort=8089, statusee=TcpOutputProcessor
