Hello together,
we have a problem with our splunk lightforwarders (MS Windows 2003). After upgrading from 4.0.8 to 4.1.5 we encountered a problem with the connection from the forwarders to our index server. There is no new data arriving while a connection between both servers (port 9997) can be verified (lsof -i -P -n | grep ). Do we need to migrate our outputs.conf or anything else?
Best regards Sebastian
Are you seeing any errors in splunkd.log? Errors like this one: http://answers.splunk.com/questions/6943/my-splunk-upgrade-is-failing-with-error-homepath-could-not-...
now we have tried several other version and it seems like the latest 4.0 version (4.0.11) works. btw. linux systems using 4.1.5 are delivering just fine. only windows systems don't deliver at all in 4.1.x
yes thats right. we only create a new outputs.conf on order to connect to the index server via ssl. everything else keeps normal. in fact we are using the same configuration on 4.0.8 and in 4.1.5.
If i understood this correctly you are saying that installing 4.0.8 (brand new) works, but installing 4.1.5 does not? What config files are you using, can you make sure that outputs.conf and inputs.conf have been setup correctly for the 4.1.5 version? It would be helpful to check in your splunkd.log for any errors.
currently we are trying to enable our new inputs.conf (disbales all kinds of WMI indexing) in 4.0.8 to see if the error is within our new configuration.
we cannot see something strange. btw. using the old 4.0.8 make the forwarders deliver again.