I am trying to configure a universal forwarder and a splunk enterprise as a reciever on 2 different windows7 machines. Following are my .conf settings.
On Forwarder (inputs.conf) -
[default]
host = XXX
[monitor://D:\SplunkDat\xx*.log]
_TCP_ROUTING = xxx.xx.x.224
disabled = false
followtail = 0
sourcetype=iis
On Forwarder (ouputs.conf) -
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = xxx.xx.x.224:9997
[tcpout-server://xxx.xx.x.224:9997]
On Reciever (inputs.conf) -
[splunktcp://9997]
disabled = 0
But I am getting the following error in reciever's splunkd.log
ERROR TcpInputProc - Received unexpected 369295360 byte message (Invalid payload_size=369295360 received while in parseState=1)! from src=xxx.xx.17.16:49709
I am able to do telnet from forwarder to reciever on port 9997.
Could anyone give me an idea about what could be the problem here ?
... View more