Doesnt seem to work for me.
This is what I see in the log:
04-03-2017 15:38:31.923 +0000 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
04-03-2017 15:38:34.429 +0000 WARN HttpPubSubConnection - Unable to parse message from PubSubSvr:
04-03-2017 15:38:34.429 +0000 INFO HttpPubSubConnection - Could not obtain connection, will retry after=32.804 seconds.
04-03-2017 15:38:43.923 +0000 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
04-03-2017 15:38:55.923 +0000 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
04-03-2017 15:38:57.482 +0000 ERROR TcpOutputFd - Connection to host=52.201.237.113:9997 failed. sock_error = 104. SSL Error = error:00000000:lib(0):func(0):reason(0)
04-03-2017 15:39:07.441 +0000 WARN HttpPubSubConnection - Unable to parse message from PubSubSvr:
04-03-2017 15:39:07.442 +0000 INFO HttpPubSubConnection - Could not obtain connection, will retry after=63.757 seconds.
I tried telnet to the IP & port, and that seems to go through.
Missed mentioning that this is on ubuntu.
The outputs.conf is:
[tcpout]
defaultGroup = splunkcloud
[tcpout:splunkcloud]
compressed = false
disabled = false
server = input-prd-p-h3z7wk2hxjrm.cloud.splunk.com:9997
sslCommonNameToCheck = input-prd-p-h3z7wk2hxjrm.cloud.splunk.com
sslCertPath = $SPLUNK_HOME/etc/apps/splunkclouduf/default/client.pem
sslPassword = 8997f53906a6bc9140a895e78335143b
sslRootCAPath = $SPLUNK_HOME/etc/apps/splunkclouduf/default/cacert.pem
sslVerifyServerCert = true
useACK = true
... View more