I made the changes in /opt/splunkforwarder/etc/system/local/outputs.conf file only
[tcpout]
defaultGroup = my_indexers
[tcpout:my_indexers]
server = 10.100.0.69:9997
Below is the error of splunkd.log file.
09-14-2012 11:25:56.706 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-14-2012 11:26:08.706 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-14-2012 11:26:20.707 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-14-2012 11:26:20.707 +0530 INFO HttpPubSubConnection - Could not obtain connection, will retry after 60 seconds.
09-14-2012 11:26:21.158 +0530 INFO TcpOutputProc - Removing quarantine from idx=10.100.0.69:9997
09-14-2012 11:26:21.159 +0530 WARN TcpOutputFd - Connect to 10.100.0.69:9997 failed. Connection refused
09-14-2012 11:26:21.159 +0530 ERROR TcpOutputFd - Connection to host=10.100.0.69:9997 failed
09-14-2012 11:26:21.159 +0530 WARN TcpOutputProc - Applying quarantine to idx=10.100.0.69:9997 numberOfFailures=4
09-14-2012 11:26:32.707 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-14-2012 11:26:44.707 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-14-2012 11:26:51.160 +0530 INFO TcpOutputProc - Removing quarantine from idx=10.100.0.69:9997
09-14-2012 11:26:51.161 +0530 WARN TcpOutputFd - Connect to 10.100.0.69:9997 failed. Connection refused
09-14-2012 11:26:51.161 +0530 ERROR TcpOutputFd - Connection to host=10.100.0.69:9997 failed
09-14-2012 11:26:51.161 +0530 WARN TcpOutputProc - Applying quarantine to idx=10.100.0.69:9997 numberOfFailures=5
Please let me know what should be the simple step to add unix machine in splunk server (which is running on windows 2008 r2 server)
... View more