I used this command to configure splunk forwarder using cli
splunk add monitor d:\logs -Follow-only True
I got no errors but I don't see any changes in my input.conf
I tried add the monitor again and I got a message that monitor is already present.
I can telnet from my forwarder vm to splunk vm over port 9997 and 8089
In my splunkd log file
05-09-2015 04:18:29.694 +0000 ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine.
05-09-2015 04:18:59.702 +0000 ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine.
05-09-2015 04:19:29.708 +0000 ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine.
05-09-2015 04:19:38.075 +0000 WARN TcpOutputProc - Forwarding to indexer group default-autolb-group blocked for 9400 seconds.
05-09-2015 04:19:59.720 +0000 ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine.
I know that firewall on my splunk server allows connections over port 8089 and 9997.
Do I have to configure outgoing firewall on the server running splunk forwarder?
Thanks
... View more