I've been tasked with installing Splunk Cloud on our hosted Windows environment, and I'm running into issues getting all of the forwarding working properly.
I have two Universal Forwarders sending data to a Heavy Forwarder acting as a Gateway Forwarder. This Gateway Forwarder is then communicating with our cloud SaaS.
On the Universal Forwarder instance I get the following error:
No connection could be made because the target machine actively refused it.
The problem is I already have the Gateway Forwarder set to accept connections on this port, and additionally, there are no firewall rules to block the communication.
The logs on the Gateway Forwarder report that essentially all of the logs coming through it are possible duplicates, and after some point, the cloud SaaS blocks communications temporarily.
This duplicate entry issue is appearing for Splunk's own logs as well as the logs for our application. I've tried reinstalling the Universal Forwarders, but are there any other steps that I could follow or configurations that I could change?
Thanks in advance!