Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

Using tcp in inputs.conf on a SplunkLightForwarder

kevintelford
Path Finder
‎09-28-2010 11:34 PM

My forwarder:

./etc/system/local/inputs.conf
[tcp:4444]
connection_host = ip

./etc/system/local/outputs.conf
[tcpout]
defaultGroup = index_nodes

[tcpout:index_nodes]
server = 10.1.1.2:5555

My indexer:

./etc/system/local/inputs.conf
[splunktcp://5555]
index = main
sourcetype = kevin

This does not work when my forwarder has the SplunkLightForwarder app enabled. But when I disable it and pretend it's a normal Splunk instance it works. ¿por qué?

Tags (1)
0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution

Re: Using tcp in inputs.conf on a SplunkLightForwarder

gkanapathy
Splunk Employee
Splunk Employee
‎09-28-2010 11:57 PM

SplunkLightForwarder disables network inputs. The presumption is that if you're going to send something over the network, send it straight to the indexer rather than passing it thought a LWF. The input can be selectively re-enabled.

Reply
Highlighted
Solved! Jump to solution
Solution

Re: Using tcp in inputs.conf on a SplunkLightForwarder

kevintelford
Path Finder
‎09-29-2010 12:37 PM

So I added the lines which made it work

./etc/system/local/default-mode.conf
[pipeline:tcp]
disabled = false

Would any of the other settings in default-mode.conf effect me, such as pipeline:fifo?

Thanks, K

View solution in original post

0 Karma
Reply