cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
vladimirc
Explorer
Member since: ‎11-21-2011
‎06-05-2020
Community Statistics
Posts 4
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎11-21-2011
Activity Feed
View All

Re: Setting up Windows Splunk to accept universal ...

by in Getting Data In
‎11-22-2011 04:24 AM
‎11-22-2011 04:24 AM
Not entirely sure what the issue was, I suspect setting up the deployment server/client part was interfering with the rest of the settings. I have opted for a reinstall of the forwarder and now everything is working. ... View more

Re: Setting up Windows Splunk to accept universal ...

by in Getting Data In
‎11-22-2011 02:33 AM
‎11-22-2011 02:33 AM
Hello and thank you for your reply. I have followed the steps and there still seems to be an issue: INFO TcpOutputProc - Connected to idx=10.6.17.101:9997 WARN PubSubConnection - Cannot convert str: to a valid status, returning eRejected. INFO TcpOutputProc - Connected to idx=10.6.17.101:9997 INFO TcpOutputProc - Connection to 10.6.17.101:9997 closed. Read error. An established connection was aborted by the software in your host machine. Any clues on what could trigger these messages? Can I provide more information? ... View more

Re: Setting up Windows Splunk to accept universal ...

by in Getting Data In
‎11-22-2011 02:30 AM
‎11-22-2011 02:30 AM
No, I didn't. I am just trying to forward logs from a machine (using Splunk forwarder) to the main installation (which also has the Splunk web searcher/etc). Am I looking at the wrong log? Or have I setup something wrong? ... View more

Setting up Windows Splunk to accept universal forw...

by in Getting Data In
‎11-21-2011 04:16 AM
‎11-21-2011 04:16 AM
My setup is a single forwarder sending logs to a Splunk server. Both machines are running Windows 2008. After editing configuration files, I managed to get my forwarder's log to say: 11-21-2011 12:30:17.921 +0200 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: rejected Obviously, in my "main" Splunk server, I only see one PC in sources. My question is, how do I setup my Splunk to accept and parse the logs sent by the universal forwarder? I have no problem using both a text editor to edit files manually or the web interface. Thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM