Hi @deepakc, following output of required checks: Check that your serverclass is taking the current config (might be some config that’s overriding, its normally in /opt/splunk/etc/system/local/serv...
See more...
Hi @deepakc, following output of required checks: Check that your serverclass is taking the current config (might be some config that’s overriding, its normally in /opt/splunk/etc/system/local/serverclass and sometimes in a dedicated app /opt/splunk/bin/splunk btool serverclass list --debug - Done: the only 2 serverclass.conf files are the ones under $SPLUNK_HOME$/etc/system/default and $SPLUNK_HOME$/etc/system/local Check the Permissions on the HF's /opt/splunk/etc/apps/ (sudo chown -R splunk:splunk /opt/splunk/etc/apps - this is typical) - Done, folder ownership is fine Restart the HF / Deployment Server - Done Can you verify the ownership of the apps on the Deployment Server (Typically they should be splunk:splunk sudo chown -R splunk:splunk /opt/splunk/etc/deployment_apps) - Done, ownership if fine Can you verify the firewall ports are all OK 8089 (HF to DS - port 8089) - Done, HFs can reach DS on 8089 and vice versa Can you double check the apps names in serverclass.conf (I have seen app name typo's errors in the past) - Done, app folder name and app name in serveclass.conf are the same