Hi All,
I'm currently implementing a new installation of Splunk.
It is a single-server scenario: one server that will have forwarders forwarding data into it.
I'm trying to install the Windows Infrastructure App.
I began by installing the Universal Forwarders and setting a sendtoindexer app.
Here are the configurations in the outputs.conf of the sendtoindexer app:
[tcpout]
defaultGroup = splunkindexers
[tcpout:splunkindexers]
server = splunkprod:9997
[tcpout-server://splunkprod:9997]
Nothing appears in the relevant indexes and I get the following error when I go into the Splunk system activity page:
04-20-2015 15:10:50.415 +0300 ERROR TcpOutputFd - Connection to host=192.168.XX.XXX:9997 failed
Please assist ASAP, any feedback will be helpful...
Thanks a lot!!!
Shahar
Confirm that Windows Firewall isn't silently eating packets on both the client and the server.
Of course, it's configured to receive on this port.
Additionally, when I use telnet to the Splunk server using 9997, I get an answer.
Thanks,
Shahar
Hi,
Is the Splunk server configured for receiving events? Check Settings -> Forwarding and receiving -> Configure receiving ...
Can you establish a TCP connection from client to server on tcp/9997 (from client: telnet server 9997)?
Cheers,
Andreas