I have the problem, that the TCP listener on indexer xxpu031 answered not all connections. In the TCP dump below, the connection requests from ixpw021 are not answered, the connection requests from ixpw031 are answered.
In the input.conf are no restrictions. The TCP listener listen on all interfaces. There are no errors in the splunkd.log.
# tcpdump -i eth0 host ixpw021 and port 9997
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:48:12.644614 IP ixpw021.inventx.ch.61885 > xxpu031.inventx.ch.9997: S 176421035:176421035(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:48:18.694549 IP ixpw021.inventx.ch.61885 > xxpu031.inventx.ch.9997: S 176421035:176421035(0) win 8192 <mss 1460,nop,nop,sackOK>
09:48:39.648615 IP ixpw021.inventx.ch.61890 > xxpu031.inventx.ch.9997: S 773549642:773549642(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:48:42.640417 IP ixpw021.inventx.ch.61890 > xxpu031.inventx.ch.9997: S 773549642:773549642(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:48:48.646348 IP ixpw021.inventx.ch.61890 > xxpu031.inventx.ch.9997: S 773549642:773549642(0) win 8192 <mss 1460,nop,nop,sackOK>
# tcpdump -i eth0 host ixpw031 and port 9997
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:49:32.459160 IP ixpw031.inventx.ch.61019 > xxpu031.inventx.ch.9997: S 3801163340:3801163340(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:49:32.459175 IP xxpu031.inventx.ch.9997 > ixpw031.inventx.ch.61019: S 3807617395:3807617395(0) ack 3801163341 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
09:49:32.459604 IP ixpw031.inventx.ch.61019 > xxpu031.inventx.ch.9997: . ack 1 win 256
09:50:02.464550 IP ixpw031.inventx.ch.61019 > xxpu031.inventx.ch.9997: F 1:1(0) ack 1 win 256
09:50:02.464588 IP xxpu031.inventx.ch.9997 > ixpw031.inventx.ch.61019: . ack 2 win 46
09:50:02.464662 IP xxpu031.inventx.ch.9997 > ixpw031.inventx.ch.61019: F 1:1(0) ack 2 win 46
09:50:02.464974 IP ixpw031.inventx.ch.61019 > xxpu031.inventx.ch.9997: . ack 2 win 256
09:50:02.466847 IP ixpw031.inventx.ch.51026 > xxpu031.inventx.ch.9997: P 429:858(429) ack 1 win 256
09:50:02.466855 IP xxpu031.inventx.ch.9997 > ixpw031.inventx.ch.51026: . ack 858 win 501
09:50:02.467182 IP ixpw031.inventx.ch.61021 > xxpu031.inventx.ch.9997: S 2401879704:2401879704(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:50:02.467195 IP xxpu031.inventx.ch.9997 > ixpw031.inventx.ch.61021: S 3841597957:3841597957(0) ack 2401879705 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
09:50:02.467550 IP ixpw031.inventx.ch.61021 > xxpu031.inventx.ch.9997: . ack 1 win 256
# more inputs.conf
[default]
host = xxpu031s.inventx.ch
[splunktcp:9997]
[udp://514]
disabled = false
connection_host = dns
sourcetype = syslog
# netstat -an | grep LIST
tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN
... View more