Hi everyone,
I am currently trying to run the Universal Forwarder for Linux ARM on a Raspberry Pi 2 Model B with an arch linux installed. I want to forward the data to Splunk Cloud, however, I'm having connection problems. Does the Universal Forwarder for Linux ARM work with splunk cloud?
Here is what is installed:
[root@raspi splunk]# cat /proc/version
Linux version 3.18.8-1-ARCH (builduser@leming) (gcc version 4.9.2 20141224 (prerelease) (GCC) ) #1 SMP PREEMPT Fri Feb 27 19:37:26 MST 2015
My splunkd.log contains the following (many lines with the same):
[root@raspi splunk]# tail splunkd.log
01-14-2016 12:35:04.697 +0000 ERROR TcpOutputFd - Connection to host=xxx.xxx.xxx.xxx:9997 failed. sock_error = 104. SSL Error = error:00000000:lib(0):func(0):reason(0)
01-14-2016 12:35:04.706 +0000 ERROR TcpOutputFd - Read error. Connection reset by peer
The universal forwarder credentials splunkclouduf.spl are installed. For testing I am monitoring the directory /opt/splunkforwarder/var/log/
Compare the output of list monitor:
[root@raspi splunk]# /opt/splunkforwarder/bin/splunk list monitor
Monitored Directories:
$SPLUNK_HOME/var/log/splunk/splunkd.log
/opt/splunkforwarder/var/log/splunk/audit.log
/opt/splunkforwarder/var/log/splunk/btool.log
...
$SPLUNK_HOME/var/spool/splunk/...stash_new
Monitored Files:
$SPLUNK_HOME/etc/splunk.version
I am also running the Splunk Universal Forwarder Version 6.3.2 on a "normal" Linux (Debian) machine. There it works without problems.
Any help is appreciated! Let me know if you need any more output...
... View more