Hi Splunk Team,
We have installed splunk tool on a windows server 2003 machine say A and Splunk forwarder on another windows server 2008R2 machine say B. Following default ports have been opened between them. 9997,8089 ,8000
The above ports are opened only as outbound connectivity from source to destination.
We have checked the input and output configuration files too. However we are still unable to detect the forwarder in the splunk tool.
Please see the below conf files and snapshot of log files too. Let us know if anything else is required.
Input.conf (splunk from Machine A)
[default]
host = <machine A>
# added from below
[tcp://<machine B IP >:9997]
disabled = 0
`[tcp]
acceptFrom=*
connection_host=ip`
Pls see error msg in splunkd log from machine B where forwarder is installed.
03-20-2013 10:25:19.465 -0400 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: rejected
03-20-2013 10:25:31.477 -0400 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: rejected
03-20-2013 10:25:43.490 -0400 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: rejected
03-20-2013 10:25:55.502 -0400 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: rejected
03-20-2013 10:26:07.514 -0400 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: rejected
03-20-2013 10:26:16.702 -0400 WARN PubSubConnection - Cannot convert str: to a valid status, returning eRejected.
Please HELP. Thanks in advance.
Thanks
Shivanshu
... View more