It seems like port 9997 is closed on my network. At this time of year, I cannot get someone to determine if it is working or not. iptables doesn't block this port on either machine (the client forwarder that I want to get working or the Splunk server). I installed telnet on both machines. It seems like port 9997 isn't working. However, a splunk client is working (and connecting to the splunk server). I want to get a second client working.
On the forwarder I want to get working for the first time, the output of this command (from /opt/splunkforwarder/bin/) is nothing:
# ./splunk cmd btool output list --debug
The output of this command from /opt/splunkforwarder/bin/,
# ./splunk cmd btool inputs list splunktcp --debug
is as follows:
/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/inputs.conf [splunktcp]
/opt/splunkforwarder/etc/system/default/inputs.conf _rcvbuf = 1572864
/opt/splunkforwarder/etc/system/default/inputs.conf acceptFrom = *
/opt/splunkforwarder/etc/system/default/inputs.conf connection_host = ip
/opt/splunkforwarder/etc/system/local/inputs.conf host = cooltest.domainName.cloud
/opt/splunkforwarder/etc/system/default/inputs.conf index = default
/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/inputs.conf route = has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
What should I do?
@mods: When I tried to respond to martin's comment about talking to networking people, I got this error: "We're sorry, but you do not have enough permissions to post a comment.
If you believe this to be in error, contact your system administrator."
... View more