Hi All,
I am performing the POC for splunk cloud. However I have tried to configure Universal forwarder on the remote machine. When the remote machine tried to connect to splunk cloud platform it shows me the error below in the log?
Connect to x.x.x.x:9997 failed. No connection could be made because the target machine actively refused it
Help really appreciated!!!
This error is a network-related error occurred while establishing a connection to the Server. It means that the error is occurring because there is no server listening at the hostname and port you assigned. It happens that something is preventing a connection to the port or hostname. Either there is a firewall blocking the connection or the process that is hosting the service is not listening on that specific port. This may be because it is not running at all or because it is listening on a different port. So, no connection can be established. The solution to this problem is that connect to the same end point your server is listening on.
Also check your firewall settings to make sure local src and dest ports are not being blocked.
For SplunkCloud forwarders configuration you need to use the forwarder credentials app provided to you by your Sales Engineer.
And need to clean all the manual settings you may have done, or that may have been created by the install wizard.