So I've been banging my head against the wall trying to get my Splunk Universal Forwarders to at least attempt to phonehome to the deployment server. If anyone could help with this I would greatly appreciate it!
I have three CentOS 7 VMs, and what I'm trying to do is create a test environment with one of those VMs being my indexer/search head, the other my deployment server, and the other a host with the Universal Forwarder installed.
I'm using 6.2.1.
On the deployment server I have the following in serverclass.conf:
[global]
whitelist.0 = *
restartSplunkd = true
stateOnClient = enabled
[serverClass:all_forwarders_outputs]
whitelist.0 = *
[serverClass:all_forwarders_outputs:app:all_forwarders_outputs]
I have all_forwarders_outputs in the $SPLUNK_HOME/etc/deployment-apps/ directory and in it's local/inputs.conf I have:
[tcpout]
defaultGroup = indexer_group1
[tcpout:indexer_group1]
server = 10.20.48.10:9997
I have verified that the deployment server is enabled with:
[root@localhost local]# /opt/splunk/bin/splunk display deploy-server
Deployment Server is enabled.
On the host with the Universal Forwarder I have the following in the $SPLUNK_HOME/etc/system/local/deploymentclient.conf:
[target-broker:deploymentServer]
targetUri = 10.20.48.50:8089
I have also verified that the forwarder is running as a deployment client with:
[root@localhost local]# /opt/splunkforwarder/bin/splunk display deploy-client
Deployment Client is enabled.
I have also checked to make sure 8089 could be reached on 10.20.48.50 with telnet.
With that configuration, when I run tcpdump it seems that the forwarder isn't even trying to reach the deployment server. It's not sending any traffic at all.
I've checked splunkd.log, even after setting the DeploymentClient log-level to DEBUG, and there's NOTHING related to the forwarder being a deploymentclient. None of the "PhoneHomeThread woke up" or "PhoneHomeThread waiting" lines you would expect, and no errors.
I've tried dropping the all_forwarders_outputs app directly into the forwarder to make sure that it could at least reach out to the indexer and that worked fine.
I've restarted both the forwarder and the deployment server several times and tried changing the phoneHomeInterval but to no avail.
Anyone have any ideas or suggestions? Anything I missed?
Any help would be much appreciated!
... View more