Hoping someone can help me out here:
I have a system with a heavy forwarder installed (v.4.1.6) that shows the following event repeatedly (at last count 150k+)
I think it has something to do with a bad input the configurations are standardized an look correct. I have also reinstalled the splunk package with no luck. Connectivity between the client and the indexer is OK ; I can port 9997 is open and clear.
Kate - am not sure this may solve it - but have you checked that host's IP address and / or name are set up correctly? Probably a daft question if its a major server out there ;-)
answered 26 Sep '12, 06:01