I installed Splunk on my laptop and wanted to receive the logs from 2 other desktops.
So on these desktops I installed the SplunkUniversalForwarder to send everything to my laptop.
However, on both desktops I checked the log files and every minut the following event is generated:
06-07-2013 17:43:12.091 +0200 WARN TcpOutputProc - Cooked connection to ip=192.168.0.115:9997 timed out
On my laptop, I configured receiving so don't know how to troubleshoot this?
The desktops and my laptop are in same network.
A desktop firewall, perhaps? The outbound connection could be being blocked at the source, or the inbound connection being blocked at your laptop.
If any of the hosts involved are running a firewall product, you should make sure the necessary rules/exceptions are properly configured and check the firewall logs to see if there is any explicit message about things being blocked.
It a little hard without your inputs and outputs conf files. Could you post a scrubbed verion? Also turn TcpOutputProc channel to DEBUG. Are you using a wireless network?