Hi,
I am trying to set up Splunk to send my local system's data to a remote indexer, however it's not working. The logs appearing in the splunkd.log file are as below:
Universal Forwarder logs:
06-17-2012 22:02:17.364 +0530 INFO TcpOutputProc - Connected to idx=IP.Address:9997
06-17-2012 22:02:17.750 +0530 INFO TcpOutputProc - Connection to IP.Address:9997 closed. Connection closed by server.
06-17-2012 22:02:17.750 +0530 WARN TcpOutputProc - Applying quarantine to idx=IP.Address:9997 numberOfFailures=14
06-17-2012 22:02:22.764 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
Remote system (Indexer) logs:
06-01-2012 14:32:19.548 +0530 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
06-01-2012 14:32:21.523 +0530 WARN TcpOutputProc - Raw con˜Ô‚8³Cp~! from src=14.99.150.3:51925
My inputs.conf on the local system (Universal Forwarder) is as below:
[monitor://C:\apache-activemq-5.5.1-bin\apache-activemq-5.5.1\data\activemq.log]
source=VagishPC
sourcetype=activemq_log
ignoreOlderThan = 70d
disabled = false
Can anyone help me with what I am missing here?
Thanks,
Vagish
Hi,
I think there is a non-SSL connection between the forwarder and the receiver. On the receiver machine I see the log coming as: Initializing connection for non-ssl forwaring to xx.xx.xx.xx:9997
06-10! from src=xx.xx.xx.xx:51352.
Also, I have checked the outputs.conf file of the forwarder and the inputs.conf file of the receiver, however I didn't see any SSL information.
This sounds like you're trying to set up a non-SSL connection to an indexer that expects SSL, or compressed SSL to an indexer that expects non-compressed, or vice versa. You should check your settings in outputs.conf on the forwarder, and inputs.conf on the indexer.
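
The comparison the answer above describes, as an added example that is not part of the original thread: a Python sketch that reads a forwarder's outputs.conf and an indexer's inputs.conf and reports SSL or compression mismatches per port. The sample configs are constructed, and treating `useSSL`, `clientCert` or `sslCertPath` as the sign that the forwarder uses SSL is a simplifying assumption.

```python
import configparser

# Constructed sample configs (not from the thread): plain-TCP forwarder, SSL indexer.
FORWARDER_OUTPUTS = "[tcpout:primary]\nserver = indexer.example.com:9997\n"
INDEXER_INPUTS = "[splunktcp-ssl:9997]\ncompressed = false\n"

def _parse(text):
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep key case, e.g. useSSL
    cp.read_string(text)
    return cp

def _true(value):
    return str(value).strip().lower() in ("1", "true", "yes")

def forwarder_targets(outputs_text):
    """Yield (port, uses_ssl, compressed) per server in each tcpout stanza."""
    cp = _parse(outputs_text)
    for sec in cp.sections():
        if not sec.startswith("tcpout") or not cp.has_option(sec, "server"):
            continue
        # Assumption: SSL is on if useSSL is true or a client cert is set.
        ssl = _true(cp.get(sec, "useSSL", fallback="false")) or any(
            cp.has_option(sec, k) for k in ("clientCert", "sslCertPath"))
        comp = _true(cp.get(sec, "compressed", fallback="false"))
        for server in cp.get(sec, "server").split(","):
            yield server.strip().rsplit(":", 1)[-1], ssl, comp

def indexer_listeners(inputs_text):
    """Map port -> (expects_ssl, compressed) for splunktcp[-ssl] stanzas."""
    cp, listeners = _parse(inputs_text), {}
    for sec in cp.sections():
        kind, _, rest = sec.partition(":")
        if kind in ("splunktcp", "splunktcp-ssl") and rest:
            port = rest.strip("/").rsplit(":", 1)[-1]
            comp = _true(cp.get(sec, "compressed", fallback="false"))
            listeners[port] = (kind == "splunktcp-ssl", comp)
    return listeners

def find_mismatches(outputs_text, inputs_text):
    listeners, problems = indexer_listeners(inputs_text), []
    for port, ssl, comp in forwarder_targets(outputs_text):
        want = listeners.get(port)
        if want is None:
            problems.append(f"{port}: no splunktcp listener on indexer")
        elif want[0] != ssl:
            problems.append(f"{port}: SSL mismatch")
        elif want[1] != comp:
            problems.append(f"{port}: compression mismatch")
    return problems
```

Calling `find_mismatches` with the text of the two real files gives one line per forwarder target whose settings the indexer's listener does not match.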