I have a setup in which the deployment server pushes the SplunkTANIX add-on, Splunk unix app and JMX add-on to the deployment client, but the data is not flowing in.
1) Which logs should I check? Do the apps/add-ons have a separate log file, or are they included in the splunkd.log?
2) Which terms should I use to filter out the app and add-on logs from the splunkd.log?
Are you sending the deployment clients logs back to your indexer(s)?
If so, check the internal index for clues.
`"index=internal error"` might be a good start.
View solution in original post