
Splunk Linux App does not display data

darksky21
Path Finder

Hi, I am new to Splunk and am testing how the Splunk system works. I tried installing the Windows app for Splunk on my Windows 7 PC and the universal forwarder and Windows TA app on another Windows Server 2008 PC and am able to get and display the data. I installed the Linux App on my Windows 7 PC and the Universal Forwarder and Linux TA on an Ubuntu box but am not able to display the data on my Windows 7.

I did:

1) Set up receiving on my Windows 7 on port 9997

2) Copied the inputs.conf file from the /opt/splunkforwarder/etc/app/SplunkTAnix/default to the /SplunkTAnix/local file

3) Have an output.conf file at /opt/splunkforwarder/etc/system/local with

[tcpout]
defaultGroup=syslog_index

disabled = false

[tcpout:syslog_index]

server=(my ip address):9997

4) inputs.conf file at /opt/splunkforwarder/etc/system/local with

[default]
host = mysender.local

5) Did check the connection using the list forward-server and there is an active connection with the IP and port that I input in my output.conf file

Any help is appreciated, thx.


sowings
Splunk Employee

It sounds like you've verified your connectivity between the forwarder and the indexer (windows 7 PC). The next step is to verify the inputs on the forwarders themselves. As I recall, the Unix TA (for the Ubuntu box) doesn't have any of its inputs enabled out of the box. You'd have to pick and choose the ones you want enabled. Note that changes to inputs.conf require restarting the forwarder, so you'll have to do that on the Ubuntu box before you'll see log data in the indexer.

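The fix described in the answer above, as an added example (not code from the posters or from Splunk): a small Python check that layers a TA's local/inputs.conf over its default/inputs.conf and lists which inputs end up enabled. The stanza names and values are a constructed sample, and the function names are hypothetical.

```python
import re

# Constructed sample of a TA's default/inputs.conf: every input ships disabled.
DEFAULT_CONF = """
[script://./bin/cpu.sh]
interval = 30
disabled = 1
[script://./bin/df.sh]
disabled = 1
[monitor:///var/log]
disabled = 1
"""

# Constructed local/inputs.conf: override only the inputs you want collected.
LOCAL_CONF = """
[script://./bin/cpu.sh]
disabled = 0
[monitor:///var/log]
disabled = false
"""

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}; '#' lines are comments."""
    stanzas, current = {}, "default"
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            stanzas.setdefault(current, {})
        elif line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def effective_inputs(default_text, local_text):
    """Merge per setting, with local/ values overriding default/ values."""
    merged = {}
    for layer in (parse_conf(default_text), parse_conf(local_text)):
        for stanza, settings in layer.items():
            merged.setdefault(stanza, {}).update(settings)
    return merged

def enabled_inputs(default_text, local_text):
    """Return stanzas whose effective 'disabled' is unset, 0 or false."""
    merged = effective_inputs(default_text, local_text)
    return sorted(n for n, kv in merged.items()
                  if n != "default" and kv.get("disabled", "0").lower() not in ("1", "true"))

print("enabled inputs:", enabled_inputs(DEFAULT_CONF, LOCAL_CONF))
```

On a real forwarder, `splunk cmd btool inputs list --debug` prints the merged configuration as Splunk itself resolves it, including the file each setting came from.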

darksky21
Path Finder

I checked it, the size is 1.


darksky21
Path Finder

Thanks for the help. By default the input.conf is all disabled = 1, so after setting it to 0 it works.

lukejadamec
Super Champion

First let's make sure you have data.
On your Splunk Indexer, check for data in the OS index.
Manager > Indexes
Look for the OS index and verify that the size and event count are greater than zero.
