Getting Data In

SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out

mathdewulf
New Member

I installed Splunk on my laptop and wanted to receive the logs from 2 other desktops.
So on these desktops I installed the SplunkUniversalForwarder to send everything to my laptop.
However, on both desktops I checked the log files and every minut the following event is generated:

06-07-2013 17:43:12.091 +0200 WARN  TcpOutputProc - Cooked connection to ip=192.168.0.115:9997 timed out

On my laptop, I configured receiving so don't know how to troubleshoot this?
The desktops and my laptop are in same network.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

A desktop firewall, perhaps? The outbound connection could be being blocked at the source, or the inbound connection being blocked at your laptop.

If any of the hosts involved are running a firewall product, you should make sure the necessary rules/exceptions are properly configured and check the firewall logs to see if there is any explicit message about things being blocked.

bmacias84
Champion

It a little hard without your inputs and outputs conf files. Could you post a scrubbed verion? Also turn TcpOutputProc channel to DEBUG. Are you using a wireless network?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...