Hi,
I am new to Spunk and have created a basic Splunk Server and SplunkForwarder(Client).
On Client, it is showing me error:
09-11-2013 21:14:12.022 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
09-11-2013 21:14:12.022 +0530 DEBUG DeploymentClient - Handshake not yet finished. will continue retrying with a rate of '12000 secs'
But when I execute splunk list forward-server , the output is like
"Active forwards:
192.168.145.20:9997
Configured but inactive forwards:
None"
On the Splunk Server: splunk list deploy-clients results into
"No deployment clients have contacted this server".
I am not able to find the reason why the client is not able to contact server.
Appreciate your help.
forward-server is not the same thing as deployment server. forward-server just tells you which server(s) a forwarder is sending its events to, whereas a deployment server is something you setup for distributing apps from a central repository to client Splunk instances.
To get a deployment architecture working, you need to enable the deployment server, and also make sure that port 8089 on the deployment server is available from the systems you will use as deployment clients. More information here: http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Aboutdeploymentserver
As per the Splunk Documentation:
Configure universal forwarder to act as a deployment client (optional). To do this, just specify the deployment server:
splunk set deploy-poll <host>:<port>
where:
This step also automatically enables the deployment client functionality.
I just did this step.
Read the docs I linked to.
Ayn, can you let me know how to configure a deployment client. I think I have mistaken deployment-client as forward-server.