This is for troubleshooting our Splunk Enterprise and/or Splunk universal forwarder. We have missing logs on two of our servers. Splunk universal forwarder is installed on the said two servers, and the config files are okay. We performed initial troubleshooting, and the results are the following:
1. The connectivity from the two servers is established to both our DS and HF, and yet we still haven't got any logs.
2. The log file is right and currently active during this time.
3. Configs on inputs and outputs are also proper.
We are not sure what seems to be the problem here, and hopefully someone in the Splunk community can help. I have also shared the diag file on the two servers.
https://drive.google.com/open?id=0Bx_oXq4bXGfyREg5VzNmVmlUWE0
Thanks in advance.