I am able to connect from the server to the proxy using telnet, I am not able to connect to the indexers using telnet, however this should be possible while connecting from the universal forwarder using the forwarder credentials package, right?
The forwarder seems to be unable to connect to the indexers. splunkd file has the following warnings:
TcpOutputProc - 'sslCertPath' deprecated; use 'clientCert' instead..
Cooked connection to ip=:9997 timed out.
In the splunkd text file I don't see anything about the proxy I configured either, should this show in the splunkd file?
Does anyone have an idea on how to troubleshoot this issue?
To connect with indexer from Splunk UF you have to add SSL cert configuration in outputs.conf file of the UF:
defaultGroup = my_indexers
server = your indexer DNS: port on which you want to send the data
sslCertPath = *******
sslRootCAPath = *********
sslPassword = ********
sslCommonNameToCheck = ********
sslVerifyServerCert = true
useClientSSLCompression = true
Can you tell me where I can find this information? If I am connecting from UF to the indexers from servers that do not connect through a proxy, I never have to add this to the outputs.conf. Also, should it be in etc/apps/SplunkUniversalForwarder/default/outputs.conf ?