I receive the below error intermittently in the UF metrics log, and the indexer is not receiving any logs from this host. This error goes away after some time and logs automatically start to flow. Please let me know what could be the reason and how I can troubleshoot.
destPort 9996, eventtype=connect_fail , publisher=tcpout sourcePort=8089 statusee=TcpOutputProcessor
The fact that this is intermittent and goes away after a while is really interesting.
You may be well served by searching additional Splunk logs, both during periods where it's not communicating, and also and especially at that point when it starts communicating. What does your _internal index say just before and during that period where it starts working?
If that's not helping you find the cause, I'd suggest starting with the below "general" links and seeing what the basic troubleshooting gets you.
The first is from another question and answer in here, and seems pretty complete.
The second is from conf 2017 and is for Linux forwarders, so I'm not sure it'll apply to Windows (and also I'm not sure you are Windows or Linux for this uf!) (BTW - conf 2020 is only a few weeks away and you should register, it's free this year!)
https://conf.splunk.com/files/2017/slides/troubleshooting-universal-forwarder-on-linux.pdf
The last is a short, official Splunk Doc on forwarder troubleshooting. It doesn't go into a lot of depth, but still has a few things to check.
https://docs.splunk.com/Documentation/Forwarder/8.0.6/Forwarder/Troubleshoottheuniversalforwarder
Let us know how you get along with this, or if you find any smoking guns or even can provide additional information - the ports involved, confirmation with telnet the firewall isn't being stupid, the version of Splunk, the version of the UF, the operating system each is running on, etc...
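To act on the suggestion above of checking what the forwarder logged just before it recovered, this added example (not part of the original thread) groups `connect_fail` events from the UF metrics log into outage windows, each closed by the next `connect_done`. The sample lines are constructed; their timestamp layout, the `destHost` field and the `connect_try`/`connect_done` events are assumptions.

```python
import re
from datetime import datetime

# Constructed metrics.log lines modelled on the error quoted in the question.
# Timestamp layout, destHost and the connect_try/connect_done events are
# assumptions, not output from the poster's forwarder.
LINE = ("09-28-2020 {} +0000 INFO StatusMgr - destHost=idx1.example.com, destPort=9996, "
        "eventType={}, publisher=tcpout, sourcePort=8089, statusee=TcpOutputProcessor")
EVENTS = [("10:00:01.100", "connect_try"), ("10:00:01.200", "connect_fail"),
          ("10:00:31.200", "connect_fail"), ("10:01:01.200", "connect_fail"),
          ("10:04:31.000", "connect_done"), ("11:15:00.000", "connect_fail")]
SAMPLE = "\n".join(LINE.format(t, e) for t, e in EVENTS)

KV = re.compile(r"(\w+)\s*=\s*([^,\s]+)")
TS = re.compile(r"^\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}")

def parse(line):
    """Return lower-cased key/value fields plus 'ts' for tcpout status lines."""
    m = TS.match(line)
    fields = {k.lower(): v for k, v in KV.findall(line)}
    if not m or fields.get("statusee") != "TcpOutputProcessor":
        return None
    fields["ts"] = datetime.strptime(m.group(0), "%m-%d-%Y %H:%M:%S")
    return fields

def outage_windows(text):
    """List (dest, first_fail, recovered_or_None, fail_count) per outage."""
    pending, closed = {}, []
    for f in filter(None, map(parse, text.splitlines())):
        dest = f"{f.get('desthost', '?')}:{f.get('destport', '?')}"
        event = f.get("eventtype", "").lower()
        if event == "connect_fail":
            window = pending.setdefault(dest, [f["ts"], 0])
            window[1] += 1
        elif event == "connect_done" and dest in pending:
            start, count = pending.pop(dest)
            closed.append((dest, start, f["ts"], count))
    # Outages still open at the end of the log have no recovery time yet.
    closed += [(d, s, None, n) for d, (s, n) in pending.items()]
    return closed

if __name__ == "__main__":
    for dest, start, end, count in outage_windows(SAMPLE):
        length = f"{(end - start).total_seconds():.0f}s" if end else "ongoing"
        print(f"{dest} down from {start} ({length}), {count} connect_fail")
```

The start and recovery times of each window give the time range to search in the `_internal` index and to compare against firewall or network change logs.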