Splunk Cloud Platform

Why is Universal forwarder failing to configure in windows system?

prabhakar_rhymt
Engager

Hi,

We have taken the Splunk Cloud community edition trial, and we have installed the universal forwarder on Windows, but it is not communicating with the cloud server.

We are getting error like this:

 

02-21-2022 12:42:48.381 +0530 INFO  DC:DeploymentClient [691880 PhonehomeThread] - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
02-21-2022 12:42:59.014 +0530 INFO  ProxyConfig [595472 HttpClientPollingThread_422CEEC3-132D-4E49-B8B8-20DC5A33230D] - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.

 

We have enabled all the ports which are required for communication, but it is still not connecting to the cloud server.

Help us to resolve this issue.

Thank You.

0 Karma
1 Solution

SanjayReddy
Builder

Hi @prabhakar_rhymt 

Thanks for the response.

Are you getting connection failed errors? Then you need to open the firewall between Splunk Cloud and the Windows server.

I guess raising a ticket with Splunk support might help to enable connectivity, but I am not 100% sure.




0 Karma

prabhakar_rhymt
Engager

@SanjayReddy 

 

I am getting a Connection refused error. I have also turned off my firewall to allow ports for traffic, but it's still no use.

0 Karma

prabhakar_rhymt
Engager

Hi @SanjayReddy 

 

I have tried with Telnet as you said, but it's throwing a connection error.

0 Karma


SanjayReddy
Builder

Hi  @prabhakar_rhymt 


The error message that you shared is for a deployment server issue; the UF is not able to connect to the deployment server (in this  be same instance as Splunk Cloud).

However, for the UF not being able to connect to Splunk Cloud, can you please do a telnet from the Windows UF to the cloud instance:

telnet <cloudhostname> 9997

to check whether connectivity between the Windows UF and Splunk Cloud is happening. If not present, you need to enable firewall between them.

Also, can you check in splunkd.log for any error or warn messages?

Please run the following command to check the active forwarders list:

cd C:\Program Files\Splunk\bin

splunk list forward-server


 


If the output is blank, you need to configure the IP in outputs.conf (C:\Program Files\Splunk\etc\system\local) and restart Splunk.

 

 

0 Karma
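
The checks from the answer above, collected into one PowerShell script as an added example (not code from the thread or from Splunk). `<cloudhostname>` is a placeholder, the install path is the one quoted in the post, the `var\log\splunk\splunkd.log` location relative to it is an assumption, and the function name `Test-ForwarderPort` is hypothetical.

```powershell
# Added example. $CloudHost is a placeholder; $SplunkHome is the path quoted in the thread.
param(
    [string]$CloudHost  = '<cloudhostname>',
    [int]$Port          = 9997,
    [string]$SplunkHome = 'C:\Program Files\Splunk'
)

# TCP check equivalent to "telnet <cloudhostname> 9997", returning the failure reason.
function Test-ForwarderPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        if (-not $task.Wait($TimeoutMs)) { return 'TimedOut' }
        return 'Connected'
    } catch {
        # Unwrap the nested exceptions to reach the underlying SocketException.
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -is [System.Net.Sockets.SocketException]) { return "$($ex.SocketErrorCode)" }
        return $ex.Message
    } finally {
        $client.Close()
    }
}

$result = Test-ForwarderPort -HostName $CloudHost -Port $Port
switch ($result) {
    'Connected'         { "TCP ${Port}: reachable" }
    'ConnectionRefused' { "TCP ${Port}: refused (host answered, but nothing accepted the connection)" }
    'TimedOut'          { "TCP ${Port}: timed out (traffic is probably dropped along the path)" }
    'HostNotFound'      { "DNS: cannot resolve $CloudHost" }
    default             { "TCP ${Port}: $result" }
}

# Last ERROR/WARN entries in splunkd.log (the level follows the timestamp and UTC offset).
$log = Join-Path $SplunkHome 'var\log\splunk\splunkd.log'
if (Test-Path $log) {
    Select-String -Path $log -Pattern '\s(ERROR|WARN)\s' -CaseSensitive |
        Select-Object -Last 20 | ForEach-Object { $_.Line }
}

# Is there any "server = host:port" line in etc\system\local\outputs.conf?
$outputs = Join-Path $SplunkHome 'etc\system\local\outputs.conf'
$servers = if (Test-Path $outputs) { Select-String -Path $outputs -Pattern '^\s*server\s*=' }
if ($servers) { $servers | ForEach-Object { $_.Line.Trim() } } else {
    "No server= entry in $outputs; configure it and restart Splunk"
}
```

Run it on the forwarder host, then run `splunk list forward-server` from the `bin` directory as described in the post.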