hi i am sure i am missing something silly but honestly could not identify why i am getting this error "DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected"
LINUX FORWARDERS
[serverClass:all_linux_forwarder]
whitelist.0 = 172.23.175.*
stateOnClient=enabled
restartSplunkd = true
[serverClass:all_linux_forwarder:app:unix]
stateOnClient=enabled
restartSplunkd = true
[deployment-client]
[target-broker:deploymentServer]
targetUri = 192.168.169.59:8889
*8889 is the mgmt port in our environment.
i tried reload deployment-server, i restarted splunk and the forwarder several time.
can any one help me why i am seeing this issue?
Much thanks in advance
OK, first backup and delete serverclass.conf on splunk server.
Go to Splunk Manager > Deployment > Deployment server > New (here create your all_linux_forwarder class) > Save
Restart linux forwarder.
Go to deployment client server (linux forwarder) and try with telnet or nc connect to splunk server (eg. telnet 192.168.169.59 8889).
If you can't that means your port 8889 on splunk server is blocked or even not open.
thanks for the answer... but i tried this many times and i was able to telnet to the server.