Hi,
I have a setup in which the deployment server pushes the Splunk_TA_NIX add-on, Splunk unix app and JMX add-on to the deployment client, but the data is not flowing in.
1) Which logs should I check? Do the apps/add-ons have a separate log file, or are they included in the splunkd.log?
2) Which terms should I use to filter out the app and add-on logs from the splunkd.log?
Thanks,
Deepak
Are you sending the deployment clients logs back to your indexer(s)?
If so, check the _internal index for clues.
"index=_internal error"
might be a good start.
Are you sending the deployment clients logs back to your indexer(s)?
If so, check the _internal index for clues.
"index=_internal error"
might be a good start.