Hello, everyone.
When it comes to Indexers, there is an option you can use in "inputs.conf" where you add the following line to your "splunktcp" stanza:
connection_host=ip
What this will do is that, when the Indexer receives an event from a Forwarder, it will not try to resolve the IP Address of the Forwarder into its DNS name. I've had several timeout issues and broken pipes caused by this attempt to resolve the DNS name. So adding the setting above fixes the problem.
However, I believe the same thing is happening on my Deployment Server. When forwarders connect to my Deployment Server to look for new settings, the Deployment Server locks up, particularly with public subnets, because I believe it is trying to resolve all of the IP Addresses.
So the question is: Is there an equivalent setting or does anyone know of a way that I can configure the Deployment Server to NOT try and resolve the IP Addresses of all of the Forwarders that contact it to look for new settings?
Any ability to do such a thing would be greatly appreciated. Thanks, everyone!
EDIT: I should also add that my Deployment Server is on a Unix-based platform, so even if there's some configuration I can do to the machine's network settings, I'd be happy with that.
