i was trying to add a folder to forwarder to read data but its giving me an error ..as your session is invalid. please login.
[root@localhost bin]# ./splunk add monitor /home/user/Desktop/Forward_Data -index my_db
Your session is invalid. Please login
user = admin
password = changeme
I have tried that login credentials but its not working either,
and the forwarder is added already i jus want to send the data form forwarder to indexer
so im trying to add Input (folder) to forwarder to monitor the data
You can reset the admin password like this:
https://answers.splunk.com/answers/834/how-could-i-reset-the-admin-password.html
You really should not be using the CLI manually like this. You should be using a configuration management system or a Deployment Server. If you really must keep the password the same and you must use the CLI, then you can do this:
Stop splunk.
Edit $SPLUNK_HOME/etc/apps/search/local/inputs.conf
Add this to the bottom:
[monitor:///home/user/Desktop/Forward_Data]
index = my_db
Save the file.
Restart Splunk.
You can reset the admin password like this:
https://answers.splunk.com/answers/834/how-could-i-reset-the-admin-password.html
You really should not be using the CLI manually like this. You should be using a configuration management system or a Deployment Server. If you really must keep the password the same and you must use the CLI, then you can do this:
Stop splunk.
Edit $SPLUNK_HOME/etc/apps/search/local/inputs.conf
Add this to the bottom:
[monitor:///home/user/Desktop/Forward_Data]
index = my_db
Save the file.
Restart Splunk.
More over i cannot see local folder in the search folder i could only see default and metadata..
@localhost search]# ls
default metadata
Create a new local
folder (with same owner/permissions as default
).
after creating local folder do i need to create inputs.conf file too ?
Yes, go back to the top. DO NOT edit anything in the default
directory.
I have created the inputs.conf file in local folder and splunkforwarder is started
and I have checked connection with host system by pinging from forwarder everything is fine but when I was checking in the search head i was unable to read any data.
So are you all working now>
the forwarder is added but i was unable to send data from forwarder to indexer ..
Do i need to use this command in the OS where the forwarder is installed or in the OS where Splunk is installed.
What command?
I was checking the command which u mentioned its not working for me, i have installed splunk in Windows and installed forwarder in Linux.
Actually I was trying to send data from forwarder to index, for this i was trying to add a folder( i.e add the path of the folder) to forwarder in linux but im facing a bit difficulty.
What "command I mentioned" do you mean (I do not see that I mentioned any commands)? Is there a reason that you installed the Indexer on Windows?
I mean the path which u mentioned, i was bit confused because u gave "Splunk_home" which i was unable to see where i have installed forwarder. i was able to see only splunkforwarder.
hi raghu0463,
you are trying to add / modify a file (inputs.conf) not a folder.
Actually my forwarder and indexer are in different systems and do I need to edit inputs.conf file for reading data from the particular folder or file and edit outputs.conf file to configure the indexer ip and port no, on forwarder location to send data,
and edit inputs.conf file on indexer system to receive the data from forwarder. could anyone please explain a bit clearly im bit confused, its taking a lot of time for me to do this configuration.
Thank You
you can also manually add the stanza to .../etc/system/local/inputs.conf
vi .../etc/system/local/inputs.conf
[monitor:///home/user/Desktop/Forward_Data]
index = my_db
save the file :wq
restart splunk
You can rename the $SPLUNK_HOME/etc/passswd and restart splunkforwarder which will reset it to the default "changeme" password