I am trying to create a splunk environment with an Indexer, Search Head, Forwarder and a Deployment Server, however, I can't get any connectivity between any of my instances. In terms of configuration I have Splunk properly installed on all my instances along with:
Indexer: enable listen 9997 -auth admin:changeme
search head:
outputs.conf
[indexAndForward]
index = false
[tcpout]
forwardedindex.filter.disable = true
indexAndForward = false
[tcpout:my_search_peers]
server= INDEXER_IP:9997
autoLB = true
add search-server -host INDEXER_IP:8089
restart
splunk edit licenser-localslave -master_uri 'https://search_head_ip:8089'
Forwarder
splunk add forward-server INDEXER_IP:9997
Deployer
{SPLUNK_FWD_HOME}/etc/apps/deployclient/local/deploymentclient.conf
[deployment-client]
[target-broker:deploymentServer]
targetUri = <DEPLOY_IP>
Have I missed anything here or have I done something wrong?
Cheers for any help!
I fixed my own problem. I forgot to enable distributed search on the indexer.
./splunk enable dist-search -auth admin:changeme
I fixed my own problem. I forgot to enable distributed search on the indexer.
./splunk enable dist-search -auth admin:changeme