Re: Forwarder Reporting Service is failed issue
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2019 03:25 PM
Greetings!
Unfortunately, that message is not clear enough. However, it usually means one or more of the below.
1. The TE-1425 is unable to reach the TR-800 over TCP port# 9997 (default port but configurable). Perhaps a network trace will provide more info.
2. There is a file corruption on the TE-1425 causing the Splunk forwarder startup to fail. [Unless someone can help fix it via root or hotfix, best solution to this would be to reset the appliance to disjoin it from the grid. Then downgrade it to an older NIOS version, upgrade it to the NIOS version of the grid and join it back to the grid.]
[You could also join it back to the grid without upgrading and the member would auto-sync NIOS from the GM but if the problem lies in the splunk-forwarder.tar.gz package on the GM (which is unlikely), you would be stuck with the same issue again].
3. This is initial setup and you've started the reporting service on the DNS member and reporting server selectively instead of enabling it at Grid Reporting properties. Or you have never started the reporting service on the Grid Master. GM is the certificate authority who is suppose to make and distrubute the certificates to the reproting server, all members and the GM itself for securing the channel using SSL and TLS (in latest versions). Not starting the reporting service on the GM during initial configuration is a bad idea and can mess things up at times.
While I do not know what NIOS version you are on, you may want to login to the CLI of the DNS member and run "show log debug follow" to capture more information and also look at a packet capture.
Best Regards,
Bibin Thomas