Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Universal Forwarder 9.1.3 not connecting

cmeyer
Loves-to-Learn Lots
2 weeks ago

Hey all,  I recently upgraded our Splunk server to 9.1.3.  I have a single UF running 8.2 which connects, however my newly deployed 9.1.3 forwarder on server 2 (Windows Server) doesn't connect.  This is net new and has never connected.  I am seeing mixed info on whether or not SSL certs need to be configured on the forwarder.  I see the UF talking to our Enterprise server on port 9997.  I am using CA signed certs on the Slunk server and default certificates on the server which uses the UF.   Can anyone point me in the right direction to get this working?  The output.conf is as follows:

 

[tcpout]
defaultGroup=default-autolb-group

[tcpout:default-autolb-group]
server=<SPLUNK_IP_SERVER>:9997
useSSL=false

[tcpout-server://<SPLUNK_IP_SERVER>:9997]
Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...