Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk forwarder is not connecting to the splunk manager.

Mr_Sneed
Explorer
‎02-14-2024 10:28 AM

My forwarder refuses to connect to the manager over 8089. 

firewall is allowing traffic

set deploy-poll is working and yet I cannot see the connection even be attempted via netstat on the splunk universal forwarder (nix)

UF ---> HF

 

here is my deploymentclient.conf

[deployment-client]

[target-broker:deploymentServer] #this was part of default after command was run

deploymentServer=x.x.x.x:8089

targetUri = 10.1.10.69:8089  #this was part of default after command was run

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-14-2024 01:14 PM

Are there any messages in the forwarder's splunkd.log that might explain what is happening?  Look for "DC:" in the log.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-14-2024 11:04 PM

Hi @Mr_Sneed ,

as you can read at https://docs.splunk.com/Documentation/Splunk/9.2.0/Admin/Deploymentclientconf , you have to insert in your deploymentclient.conf:

[target-broker:deploymentServer]
targetUri = 10.1.10.69:8089

that's the output of the "splunk set deploy-poll" command, not other.

Then you should check (using telnet if the route on port 8089 between the client and the Deployment Server is open.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-14-2024 01:14 PM

Are there any messages in the forwarder's splunkd.log that might explain what is happening?  Look for "DC:" in the log.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Mr_Sneed
Explorer
‎02-15-2024 12:09 AM

in splunk.log I had an interesting log that mentioned something about the hostname and not being able to resolve it. I changed the hostname and everything works. Thanks for the help

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-15-2024 12:12 AM

Hi @Mr_Sneed ,

good for you, see next time!

let us know if we can help you more, or, please, accept one answer (eventually the your one) for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...