I am having trouble getting started with a sandbox. I would love some help so I can start getting value out of Splunk and become a paying customer, etc.
In my sandbox dashboard at https://prd-p-rnfbdk7swh3x.cloud.splunk.com/en-US/app/search/search, I see no data has been received. The host with the splunkforwarder shows this in its splunkd.log:
INFO TcpOutputProc - Connected to idx=54.86.164.71:9997 using ACK.
ERROR TcpOutputFd - Read error. Connection reset by peer
ERROR TcpOutputFd - Read error. Connection reset by peer
... repeating ...
I believe the forward-server is correctly configured:
[root@qa-c1-ps etc]# /opt/splunkforwarder/bin/splunk list forward-server
Active forwards:
input-prd-p-rnfbdk7swh3x.cloud.splunk.com:9997 (ssl)
Configured but inactive forwards:
None
My splunkforwarder/etc/system/local/inputs.conf looks like this:
[default]
host = qa-c1-ps.paxatadev.com
and my splunkforwarder/etc/system/local/outputs.conf looks like this:
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = input-prd-p-rnfbdk7swh3x.cloud.splunk.com:9997
[tcpout-server://input-prd-p-rnfbdk7swh3x.cloud.splunk.com:9997]
I have my monitored files configured also, and I have made sure that the qa-c1-ps host can access the sandbox at port 9997 via SSL. I appreciate any help anyone can provide.