Splunk Cloud Platform

Why is the Universal Forwarder failing to configure on a Windows system?

prabhakar_rhymt
Engager

Hi,

We have taken the Splunk Cloud community edition trial, and we have installed the universal forwarder on Windows, but it is not communicating with the cloud server.

We are getting an error like this:

 

02-21-2022 12:42:48.381 +0530 INFO  DC:DeploymentClient [691880 PhonehomeThread] - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
02-21-2022 12:42:59.014 +0530 INFO  ProxyConfig [595472 HttpClientPollingThread_422CEEC3-132D-4E49-B8B8-20DC5A33230D] - Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as http_proxy=http://host:port in case HTTP proxying needs to be enabled.

 

We have enabled all the ports that are required for communication, but it is still not connecting to the cloud server.

Help us to resolve this issue.

Thank You.

1 Solution

SanjayReddy
Builder

Hi @prabhakar_rhymt 

Thanks for the response.

Are you getting connection failed errors? Then you need to open the firewall between Splunk Cloud and the Windows server.

I guess raising a ticket with Splunk support might help to enable connectivity, but I am not 100% sure.




prabhakar_rhymt
Engager

@SanjayReddy 

 

I am getting a Connection refused error. I have also turned off my firewall to allow ports for traffic, but it's still no use.


prabhakar_rhymt
Engager

Hi @SanjayReddy 

 

I have tried with Telnet as you said, but it's throwing a connection error.



SanjayReddy
Builder

Hi  @prabhakar_rhymt 


The error message that you shared is for a deployment server issue: the UF is not able to connect to the deployment server (in this  be same instance as Splunk Cloud).

However, for the UF not being able to connect to Splunk Cloud, can you please do a telnet from the Windows UF to the cloud instance:

telnet <cloudhostname> 9997

to check whether connectivity between the Windows UF and Splunk Cloud is happening. If it is not present, you need to enable the firewall between them.

Also, can you check in splunkd.log for any error or warn messages?

Please run the following command to check the active forwarders list:

cd C:\Program Files\Splunk\bin

splunk list forward-server


 


If the output is blank, you need to configure the IP in outputs.conf (C:\Program Files\Splunk\etc\system\local) and restart Splunk.
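
Added example (not part of the original thread and not Splunk tooling): a Python equivalent of the telnet check to port 9997 that separates "refused", "timeout" and name-resolution failure, because each points to a different cause. The host name is a placeholder, and the hint texts are the editor's reading of each outcome.

```python
import socket
import sys

# Hints are the editor's reading of each outcome, not Splunk documentation.
HINTS = {
    "open": "TCP path works; move on to outputs.conf and splunkd.log",
    "refused": "a reset came back: nothing listening on that port, or a device actively rejecting",
    "timeout": "no reply at all: typically a firewall silently dropping the traffic",
    "dns_failure": "the host name did not resolve; check the name before the network",
    "unreachable": "another socket error, for example no route to the host",
}

def probe_tcp(host, port=9997, timeout=5.0):
    """Try one TCP connect per resolved address; return (outcome, detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    result = ("unreachable", "no address could be tried")
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "open", f"connected to {addr[0]} port {addr[1]}"
        except ConnectionRefusedError as exc:
            result = ("refused", f"{addr[0]}: {exc}")
        except (socket.timeout, TimeoutError) as exc:
            result = ("timeout", f"{addr[0]}: {exc}")
        except OSError as exc:
            result = ("unreachable", f"{addr[0]}: {exc}")
        finally:
            sock.close()
    return result

if __name__ == "__main__":
    # Placeholder host; pass the real cloud host name as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "cloudhostname.example"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 9997
    outcome, detail = probe_tcp(host, port)
    print(f"{host}:{port} -> {outcome} ({detail})")
    print("hint:", HINTS[outcome])
```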

 

 
