Two of my servers are not reporting in Splunk. They are running Windows Server 2012 R2 Std and 2016 Datacenter. Splunk Universal Forwarder 7.2.0 is installed on both servers.
Please find my observations below:
1. I am able to telnet to the IPs below.
telnet 54.157.x.x 9997
telnet 34.197.x.x 9997
telnet 35.175.x.x 9997
telnet 54.241.x.x 443
2. So the port is allowed, but when I run netstat -a, port 9997 does not show.
3. The Splunk service is running on both servers (but when I try to restart it, the first time it shows an error (windows cannot stop splunk forwarder service on local computer Error:1053) and the service gets stopped, but I am able to start the service anyway).
4. Local Windows firewall is turned off.
5. When I checked the logs in C:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd.log, I found the error message 'The TCP output processor has paused the data flow. Forwarding to output group splunkcloud has been blocked for 598307 seconds'
Gents, can point no. 2 or point no. 5 be causing the issue? Any way to fix this?