Splunk Cloud Platform

Why is Universal forwarder failing to configure in windows system?

prabhakar_rhymt
Engager

Hi,

We are taken Splunk cloud community edition trail.  and we have installed universal forwarder in windows but it is not communicating to cloud server.

We are getting error like this:

 

02-21-2022 12:42:48.381 +0530 INFO  DC:DeploymentClient [691880 PhonehomeThread] - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
02-21-2022 12:42:59.014 +0530 INFO  ProxyConfig [595472 HttpClientPollingThread_422CEEC3-132D-4E49-B8B8-20DC5A33230D] - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.

 

we are enable all ports which are required for communication but still it is not connecting to cloud server.

Help us to resolve this issue.

Thank You.

Labels (2)
0 Karma
1 Solution

SanjayReddy
Builder

Hi @prabhakar_rhymt 

Thanks for response.

are you getting connection falied erros?, then you need to open firewall between Splunk Cloud and Window server 

I guess rasing ticket to Splunk support might help to enable connectivity, but I am not 100% sure.



----
Thanks and Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated.

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

View solution in original post

0 Karma

prabhakar_rhymt
Engager

@SanjayReddy 

 

I am getting Connection refused error. And I have turned-off my firewall also to allow ports for traffic. But still it's no use.

0 Karma

prabhakar_rhymt
Engager

Hi @SanjayReddy 

 

I have tried with Telnet as you said, but it's throwing connection error.

0 Karma

SanjayReddy
Builder

Hi @prabhakar_rhymt 

Thanks for response.

are you getting connection falied erros?, then you need to open firewall between Splunk Cloud and Window server 

I guess rasing ticket to Splunk support might help to enable connectivity, but I am not 100% sure.



----
Thanks and Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated.

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
0 Karma

SanjayReddy
Builder

Hi  @prabhakar_rhymt 


Error Message that you shared is for deployment server issue, UF is not able to connect to deployment server.(in this  be same instance as splunk cloud)

however for UF not able to connect to splunk cloud can you please do telnet from windows UF to cloud instance

telnet <cloudhostname> 9997  to check weather connectivity between windows UF and splunk cloud happening. if not present you need to enable firewall between them

also can you check in splunkd.log for any error or warn messages 

please run following command to check active forwarders list

cd C:\Program Files\Splunk\bin

splunk list forward-server

SanjayReddy_0-1645438301009.png

 


if output is blank you need to configure ip in outputs.conf (C:\Program Files\Splunk\etc\system\local) and restart splunk

 

 

----
Thanks and Regards,
Sanjay Reddy
----
If this reply helps you, Karma would be appreciated.

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...