Hi,
I am trying to set up Splunk to send my local system's data to a remote indexer; however, it's not working. The logs coming in the splunkd.log file are as below:
Universal Forwarder logs:
06-17-2012 22:02:17.364 +0530 INFO TcpOutputProc - Connected to idx=IP.Address:9997
06-17-2012 22:02:17.750 +0530 INFO TcpOutputProc - Connection to IP.Address:9997 closed. Connection closed by server.
06-17-2012 22:02:17.750 +0530 WARN TcpOutputProc - Applying quarantine to idx=IP.Address:9997 numberOfFailures=14
06-17-2012 22:02:22.764 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
Remote system (Indexer logs):
06-01-2012 14:32:19.548 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
06-01-2012 14:32:21.523 +0530 WARN TcpOutputProc - Raw con˜Ô‚8³Cp~! from src=14.99.150.3:51925
My inputs.conf on the local system (Universal Forwarder) is as below:
[monitor://C:\apache-activemq-5.5.1-bin\apache-activemq-5.5.1\data\activemq.log]
source=VagishPC
sourcetype=activemq_log
ignoreOlderThan = 70d
disabled = false
Can anyone help me? What am I missing here?
Thanks,
Vagish