I am trying a Splunk POC on my personal machine with the following setup,
ARCHITECTURE DIAGRAM attached
One universal splunk forwarder running on Linux Ubuntu(running on VMWare on Windows) - installed universal splunk forwarder.
One search head+indexer running on Mac OS - installed Splunk enterprise
When I run splunk web, I am getting the below errors in the GUI (Attachment: Splunk_Distributed search error)
'Unable to connect to peer 18.104.22.168:8089 as status=DOWN'
'Instance name used by peer is already in use'
ERROR IN SCREENSHOT (INCASE IT IS NOT CLEAR):
Error  instance name "abc-MacBook-Air.local" used by peers is already in use by the search head. Review the serverName setting in server.conf to resolve this issue. Last connect time: 2017-01-30T19:51:53.000-05:00;Failed 8 out of 9 times.
NOTE: The below values are getting populated automatically in the server.conf files when I start up the indexer and forwarder. So it looks like the connection is established.
Forwarders - whole of server.conf created after forwarder is started up
Index+Search Head - server.conf: pass4SymmKey added, sslconfig added.
I do not have enough karma to attach files. If you need to see any of the conf files, please let me know, and I will post it in the comments.
The ip addresses are representative and are not real.
Please give me access to add attachments as the .conf files are important for debugging.