Splunk Enterprise

Cant connect with Splunk Enterprise.

aromanhe
New Member

I cant connect my forwarder splunk and my enterprise splunk. I verified, by netstat, the connections and both tools are connected. However, in the Enterprise Splunk i cant see my forwarder splunk. I hope you can help me. Thanks.

Tags (1)
0 Karma

varad_joshi
Communicator

I had connectivity issues on Centos because of the firewall. Which OS you are on?
Do you see logs coming in _internal index?

0 Karma

skoelpin
SplunkTrust
SplunkTrust

When you say Splunk Enterprise can't see the forwarder, this could mean a few things.

If your using the deployment server, are you referring to Splunk not being able to see the forwarder? If so, then you need to add deploymentclient.conf so Splunk Enterprise can see it.

http://docs.splunk.com/Documentation/Splunk/7.0.1/Updating/Configuredeploymentclients

If your not using the deployment server, you need to add an inputs.conf and outputs.conf to your forwarder, restart the service, and data will start flowing into Splunk.

http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/Configureyourinputs

0 Karma

nickhills
Ultra Champion

Have you configured your forwarder with some inputs?
box-fresh a linux forwarder will not send anything, but a windows UF will prompt you to add some inputs during install.

You will however, get internal logs - have you looked for index=_internal if its working, you should see logs for both the indexer and UF

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...