Hello,
My problem is that the data I send with the forwarder does not reach Splunk.
Here is how I configured the forwarder:
First, I started the forwarder
> ./splunk start in $Splunk_Home/bin
Second, I configured the forwarder to connect to a receiving indexer and to connect to a deployment server, and tried:
> ./splunk add forward-server Ip_of_splunk:9997
> ./splunk set deploy-poll Ip_of_splunk:8089
Third, I have configured **inputs.conf** to enter the logs I wanted to retrieve
> [monitor:///var/log/secure.log]
> index = logcentos
> sourcetype = secure
>
> [monitor:///var/log/httpd/access.log]
> index = logapache
> sourcetype = acces_log
Fourth, I configured the firewall
> firewall-cmd --zone=public --add-port=9997/tcp --permanent
> firewall-cmd --reload
Fifth, I restarted the forwarder
> ./splunk restart in $Splunk_Home/bin
When the restart is finished, I check the Splunk web page and I see that nothing happened with the indexes I just configured.
I checked that I didn't make any mistakes when I wrote the names of the indexes, but no, there is no mistake.
I checked whether the forward-server is "active", and yes, it is active.
So I don't know what the problem is, because I have the "same" configuration as for a forwarder on Windows, which works.
Thank you in advance for helping me find solutions.
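
Added example (not part of the original post, and not Splunk's own tooling): a shell helper that lists each `[monitor://...]` stanza from an inputs.conf like the one above and reports whether the monitored file exists and is readable by the account running it. The names `check_monitor_inputs` and `demo`, the optional root-prefix argument and the temporary test tree are assumptions made for illustration.

```shell
# Added example: report, for every [monitor://PATH] stanza in an inputs.conf,
# whether PATH exists and is readable by the current user.
# check_monitor_inputs, demo and the root prefix are hypothetical names.
check_monitor_inputs() {
    conf=$1
    root=${2:-}    # optional prefix so the check can run against a test tree
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
        function emit() { if (path != "") print path "|" idx "|" st }
        /^[ \t]*\[monitor:\/\// {
            emit(); path = $0
            sub(/^[ \t]*\[monitor:\/\//, "", path)   # drop the scheme
            sub(/\][ \t]*$/, "", path)               # drop the closing bracket
            idx = "(unset)"; st = "(unset)"; next
        }
        /^[ \t]*\[/ { emit(); path = ""; next }      # any other stanza ends the current one
        path != "" && /^[ \t]*index[ \t]*=/      { idx = val($0) }
        path != "" && /^[ \t]*sourcetype[ \t]*=/ { st = val($0) }
        END { emit() }
    ' "$conf" |
    while IFS='|' read -r path idx st; do
        target=$root$path
        if [ ! -e "$target" ]; then state=MISSING
        elif [ ! -r "$target" ]; then state=UNREADABLE
        else state=OK
        fi
        printf '%s %s index=%s sourcetype=%s\n' "$state" "$path" "$idx" "$st"
    done
}

# Constructed sample: the two stanzas from the post, checked against a
# temporary tree. Which file exists there is arbitrary, to show both outcomes.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/var/log/httpd"
    : > "$tmp/var/log/httpd/access.log"
    cat > "$tmp/inputs.conf" <<'EOF'
[monitor:///var/log/secure.log]
index = logcentos
sourcetype = secure

[monitor:///var/log/httpd/access.log]
index = logapache
sourcetype = acces_log
EOF
    check_monitor_inputs "$tmp/inputs.conf" "$tmp"
    rm -rf "$tmp"
}
demo
```

On a real host the function is called with only the path to inputs.conf, as the account the forwarder runs under, since readability depends on that account.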