I am rolling out the universal forwarders to my domain controllers.
All was going well until I started installing it on my 2008R2 domain controllers.
The universal forwarder works fine on my 2k3 and 2008 boxes.
On my 2008R2 servers the agent checks in but does not send any events.
It looks like it gets its config from the deployment server but then it can't connect.
I found this in the splunkd.log:
No connection could be made
04-12-2011 14:25:40.970 -0400 WARN DeployedApplication - Installing app: inputs_win_sec to location: D:\program files\splunk\etc\apps\inputs_win_sec
04-12-2011 14:25:41.048 -0400 INFO DeployedApplication - Checksum mismatch 0 <> 14022092945545768778 for app: outputs_win. It will be reloaded again from: 10.136.255.33:8090/services/streams/deployment?name=default:forwarder_win_sec:outputs_win
04-12-2011 14:25:41.048 -0400 INFO DeployedApplication - Remote repository has resolved to: 10.136.255.33:8090/services/streams/deployment?name=default:forwarder_win_sec:outputs_win
04-12-2011 14:25:41.142 -0400 WARN HTTPClient - Unable to parse status line: HTTP/1.1 200
04-12-2011 14:25:41.142 -0400 INFO DeployedApplication - Downloaded url: 10.136.255.33:8090/services/streams/deployment?name=default:forwarder_win_sec:outputs_win to file: D:\program files\splunk\var\run\forwarder_win_sec\outputs_win-1302272649.bundle
04-12-2011 14:25:41.142 -0400 WARN DeployedApplication - Installing app: outputs_win to location: D:\program files\splunk\etc\apps\outputs_win
04-12-2011 14:25:41.220 -0400 WARN DeploymentClient - Restarting Splunkd...
04-12-2011 14:25:47.819 -0400 WARN TcpOutputFd - Connect to 10.x.x.x:9997 failed. No connection could be made because the target machine actively refused it.
04-12-2011 14:25:47.819 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
04-12-2011 14:25:48.006 -0400 INFO TailingProcessor - Could not send data to output queue (parsingQueue), retrying...
04-12-2011 14:26:17.818 -0400 WARN TcpOutputFd - Connect to 10.x.x.x:9997 failed. No connection could be made because the target machine actively refused it.