Hello Splunkers!
i'm in doubt, i have installed UF on windows server but when i list forward-server it says that there are no active fordware but is configurated, on port 9997 and also de deploy with 8088. What issue do you think it is? is there a way to active the forwarder?
Thanks
Hi julian0125,
did you checked if the connection ports are open? you can check them using telnet.
then, you can check in forwarder's logs ($SPLUNK_HOME/var/log/splunk/
) if the connection is established.
At least check if the forwarder is active, you can check the process (ps -eafd
) searching for splunkd
process.
If you find that the process is active and ports are open, check if the servername is correct ($SPLUNK_HOME/etc/system/local/server.conf
e $SPLUNK_HOME/etc/system/local/inputs.conf
).
You can see at https://docs.splunk.com/Documentation/Forwarder/7.3.0/Forwarder/Troubleshoottheuniversalforwarder or https://docs.splunk.com/Documentation/Splunk/7.3.0/Forwarding/Receiverconnection
Bye.
Giuseppe
Did you restart your splunkforwarder service after the configuration?
Yup - you need to start it, probably as a service.