Hello All,
I can't see to find the answer to getting the Windows Universal Forwarder connected to the online sandbox.
My output.conf file is:
[tcpout]
defaultGroup = default-autolb-group,sandbox
[tcpout:default-autolb-group]
disabled = false
server = input-xxx-my-sandbox-url-xxx.cloud.splunk.com:9997
[tcpout:sandbox]
disabled = false
server = input-xxx-my-sandbox-url-xxx.cloud.splunk.com:9997
Receiving is configured on my sandbox for port 9997 and I can telnet to it.
My splunkd.log file repeats the following msg:
12-29-2014 15:07:08.592 -0500 ERROR TcpOutputFd - Read error. An existing connection was forcibly closed by the remote host.
12-29-2014 15:07:14.307 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
12-29-2014 15:07:26.309 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
12-29-2014 15:07:38.310 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
12-29-2014 15:07:38.593 -0500 ERROR TcpOutputFd - Read error. An existing connection was forcibly closed by the remote host.
I've also tried connect to my sandbox URL without the "input-" prefix. Anyone have some pointers as to what I'm missing?
Thanks
... View more