Installation

splunk forwarder is not connecting to the splunk manager.

Mr_Sneed
Explorer

My forwarder refuses to connect to the manager over 8089. 

firewall is allowing traffic

set deploy-poll is working and yet I cannot see the connection even be attempted via netstat on the splunk universal forwarder (nix)

UF ---> HF

 

here is my deploymentclient.conf

[deployment-client]

[target-broker:deploymentServer] #this was part of default after command was run

deploymentServer=x.x.x.x:8089

targetUri = 10.1.10.69:8089  #this was part of default after command was run

Labels (3)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Are there any messages in the forwarder's splunkd.log that might explain what is happening?  Look for "DC:" in the log.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @Mr_Sneed ,

as you can read at https://docs.splunk.com/Documentation/Splunk/9.2.0/Admin/Deploymentclientconf , you have to insert in your deploymentclient.conf:

[target-broker:deploymentServer]
targetUri = 10.1.10.69:8089

that's the output of the "splunk set deploy-poll" command, not other.

Then you should check (using telnet if the route on port 8089 between the client and the Deployment Server is open.

Ciao.

Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Are there any messages in the forwarder's splunkd.log that might explain what is happening?  Look for "DC:" in the log.

---
If this reply helps you, Karma would be appreciated.

Mr_Sneed
Explorer

in splunk.log I had an interesting log that mentioned something about the hostname and not being able to resolve it. I changed the hostname and everything works. Thanks for the help

gcusello
SplunkTrust
SplunkTrust

Hi @Mr_Sneed ,

good for you, see next time!

let us know if we can help you more, or, please, accept one answer (eventually the your one) for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...