I have installed a universal forwarder on a Linux machine, and I configured it as a deployment client to phone a Splunk server at 192.168.1.28:8089. Unfortunately, it never does so.
My deploymentclient.conf is
[deployment-client]
disabled = false
[target-broker:deploymentServer]
targetUri = 192.168.1.28:8089
And I checked on the Client side with:
splunk display deploy-client
It outputs Deployment Client is enabled.
However, when I took a look at the splunkd.log, searching for DC (for Deployment Client), I saw these lines:
Creating a DeploymentClient instance
unable to resolve my hostname. DeploymentClient is disabled.
....
I think this is the problem, but I cannot solve it. I don't know where the "hostname" thing is, so I don't know how to modify it.
Anyone please help me out! Cheers.
splunk set servername host.domain.com
splunk set default-hostname host.domain.com
splunk restart
If that doesn't work, you may also have to configure the hostname in Linux. The process will vary depending on what flavor of Linux you are running. Even if setting it in Splunk fixes your problem, I would still recommend configuring the hostname in Linux.
Check the firewall with the command on the client:
telnet ip port
If the DS is on a Windows box, make sure that the Windows firewall is either turned off or not blocking.
Problem Solved!!
Basically what I did was change the hostname of Linux through "hostname xxx", and edit my /etc/hosts to map this xxx to 192.168.1.23. DONE!
A few things:
Sorry, I just found out I cannot update the details of the question, so I am posting my inputs.conf and server.conf here:
inputs.conf:
[default]
host = localhost.localdomain
server.conf:
[sslConfig]
sslKeysfilePassword = ....
[lmpool:auto_generated_poll_forwarder]
description = auto_genterated_poll_forwarder
quota = MAX
slaves = *
stack_id = forwarder
[lmpool:auto_generated_poll_free]
...
[general]
pass4SymmKey = ....
serverName = localhost.localdomain
Hi mason,
I checked, and my hostname is just localhost.localdomain. I know it's just from the system command "hostname". Could it be the reason why the client cannot phone home? Should I change it to the IP address of the universal forwarder?
Hi mason,
Just a quick update.
I just tried these two commands and I saw the changes have been made to inputs.conf and server.conf (changing the hostname in inputs.conf and servername in server.conf to 192.168.1.23), but after I restarted Splunk it still doesn't work, and the log said the same thing as in the question.
What flavor of Linux are you running?
Fedora Linux
Run through this: http://www.labtestproject.com/using_linux/permanently_change_hostname_on_fedora
Then, restart Splunk, and let us know if there's any improvement. If not, you may need to capture a diag and open a support case.
Cheers mason, problem SOLVED!!
Please choose "Accept Answer" so that your question is marked as resolved and future Splunkers can quickly find our solution. 🙂
Cool.
My remaining question is: how come nobody experienced this problem before?
Is localhost.localdomain an entry in /etc/hosts? What do you get when you nslookup localhost.localdomain?
Hi muebel,
It is an entry in my /etc/hosts and it is mapped to 127.0.0.1, and nslookup tells me the server cannot find localhost.localdomain.
I don't think this is the reason, because I have already changed the hostname in inputs.conf as well as the servername in server.conf to 192.168.1.23 (which is the IP address of the deployment client).
Check your configuration on the host, in the server.conf -
http://docs.splunk.com/Documentation/Splunk/6.2.5/admin/Serverconf
Additionally, make sure name resolution (DNS) is working on the box, that it can resolve its own hostname and the hostname of the DS.
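The self-resolution check suggested above, as an added example that is not part of the original thread or Splunk's own code: it classifies how a name maps in a hosts(5)-format file. Treating a loopback-only mapping as a problem is an assumption drawn from this thread's outcome, and the name uf01 and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify how a hostname resolves in a hosts(5)-format file.

# Print every address mapped to name $1 in hosts file $2, one per line.
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                 # strip trailing comments
        NF < 2 { next }                    # blank or address-only line
        { for (i = 2; i <= NF; i++)        # field 1 is the address, the rest are names
              if (tolower($i) == tolower(name)) { print $1; break } }
    ' "$2"
}

# Print "unresolved", "loopback:<ip>" or "ok:<ip>" for name $1 in file $2.
# Always returns 0; callers compare the printed string.
classify_host() {
    first_loop=""
    for ip in $(hosts_lookup "$1" "$2"); do
        case "$ip" in
            127.*|::1) [ -n "$first_loop" ] || first_loop="$ip" ;;
            *) echo "ok:$ip"; return 0 ;;  # first routable mapping wins
        esac
    done
    if [ -n "$first_loop" ]; then
        echo "loopback:$first_loop"        # assumption: loopback-only is a problem
    else
        echo "unresolved"
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: the state described in the thread before the fix.
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' > "$tmp/before"
    # Constructed sample: a real name (uf01 is made up) mapped to the client IP.
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
                  '192.168.1.23 uf01   # forwarder' > "$tmp/after"
    echo "before: $(classify_host localhost.localdomain "$tmp/before")"
    echo "after:  $(classify_host uf01 "$tmp/after")"
    rm -rf "$tmp"
}
demo
```

On a live forwarder the equivalent call is `classify_host "$(hostname)" /etc/hosts`; a name that only DNS knows will show as unresolved here, since the function reads the hosts file alone.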
Hi esix,
This is my server.conf, could you help me verify it?
server.conf:
[sslConfig]
sslKeysfilePassword = ....
[lmpool:auto_generated_poll_forwarder]
description = auto_genterated_poll_forwarder
quota = MAX
slaves = *
stack_id = forwarder
[lmpool:auto_generated_poll_free]
...
[general]
pass4SymmKey = ....
serverName = localhost.localdomain