Splunk Enterprise

Splunk Light Cloud Deployment Server host and port

jeremyjh
Explorer

I guess I can't post links. I'm trying to follow instructions on a page you can find by Googling GettingdataintoSplunkLightcloudserviceusingLinux

I am following these instructions to set up a universal forwarder on an EC2 Linux host. I am stuck at step 5, perhaps because I cannot determine the correct host and port number for my deployment server, or because it is not running. I thought it would just be input-myinstancename.cloud.splunk.com:8089 but that server is not listening to port 8089. It does listen to 9997 and I tried using that but I think that must be a different service.

These are examples of the errors I see in splunkd.log:

05-24-2019 13:16:54.802 +0000 INFO  DC:DeploymentClient - Shutting down phonehome thread.
05-24-2019 13:16:54.803 +0000 INFO  DC:DeploymentClient - Closing pubsub connection.
05-24-2019 13:17:45.761 +0000 INFO  DC:DeploymentClient - DeploymentClient has been shutdown.
05-24-2019 13:17:45.769 +0000 INFO  DC:DeploymentClient - Starting phonehome thread.
05-24-2019 13:17:45.769 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
05-24-2019 13:17:56.818 +0000 INFO  ShutdownHandler - shutting down level "ShutdownLevel_DeploymentClient"
05-24-2019 13:17:56.818 +0000 INFO  DC:DeploymentClient - Shutting down phonehome thread.
05-24-2019 13:17:56.818 +0000 INFO  DC:DeploymentClient - Closing pubsub connection.
05-24-2019 13:17:56.819 +0000 INFO  DC:DeploymentClient - DeploymentClient has been shutdown.
05-24-2019 13:18:00.075 +0000 INFO  DC:DeploymentClient - Starting phonehome thread.
05-24-2019 13:18:00.077 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
05-24-2019 13:18:12.077 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
0 Karma
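
The retry loop in the splunkd.log excerpt above can be summarized with a short script. This is an added example, not part of the original post and not Splunk tooling; the function name `summarize_handshake_retries` is hypothetical, and the sample lines are copied from the excerpt.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the splunkd.log excerpt in the post above.
SAMPLE_LOG = """\
05-24-2019 13:17:45.769 +0000 INFO  DC:DeploymentClient - Starting phonehome thread.
05-24-2019 13:17:45.769 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
05-24-2019 13:17:56.818 +0000 INFO  ShutdownHandler - shutting down level "ShutdownLevel_DeploymentClient"
05-24-2019 13:17:56.819 +0000 INFO  DC:DeploymentClient - DeploymentClient has been shutdown.
05-24-2019 13:18:00.075 +0000 INFO  DC:DeploymentClient - Starting phonehome thread.
05-24-2019 13:18:00.077 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
05-24-2019 13:18:12.077 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
"""

# timestamp, level, component, " - ", message (layout as seen in the excerpt)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+"
    r"(?P<level>\w+)\s+(?P<component>\S+) - (?P<msg>.*)$")
RETRY_RE = re.compile(
    r"channel=(?P<channel>\S+) Will retry sending handshake message to DS; "
    r"err=(?P<err>\S+)")

def summarize_handshake_retries(text):
    """Summarize DC:DeploymentClient handshake retries in splunkd.log text."""
    errors, channels, times, starts = Counter(), set(), [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["component"] != "DC:DeploymentClient":
            continue  # other components and unparseable lines are ignored
        if m["msg"].startswith("Starting phonehome thread"):
            starts += 1
        r = RETRY_RE.search(m["msg"])
        if r:
            errors[r["err"]] += 1
            channels.add(r["channel"])
            times.append(datetime.strptime(m["ts"], "%m-%d-%Y %H:%M:%S.%f %z"))
    span = (max(times) - min(times)).total_seconds() if times else 0.0
    return {"phonehome_starts": starts, "retries": sum(errors.values()),
            "errors": dict(errors), "channels": sorted(channels),
            "span_seconds": span}

if __name__ == "__main__":
    print(summarize_handshake_retries(SAMPLE_LOG))
```

A result where every retry carries `err=not_connected` across several phonehome restarts points at the TCP connection to the deployment server never being established, which matches the closed port described in the post.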
1 Solution

jeremyjh
Explorer

I just checked again this morning and now the deployment server is accepting connections and my forwarder is showing up in the console. I didn't change anything. So I guess if this happens to anyone in the future, just wait some hours/days?

0 Karma


p_gurav
Champion

Is port 8089 open on the forwarder EC2 instance?

0 Karma

jeremyjh
Explorer

Hi, thanks for your reply. As I mentioned though, I'm using Splunk Light Cloud, so I do not manage or have access to the EC2 rules. From the outside, it looks exactly like a missing rule or wrong security group is applied.

Edit: Sorry, just realized you are asking about the forwarder. The forwarder need not listen to 8089, it needs to connect to it on the deployment server. In fact, no host can connect to port 8089 on the deployment server, including my laptop.

0 Karma