I have the unix machines forwarding *nix recordes. I can use search to view the records.
How do get the *nix application on the indexer to include those records. I all I see is the local *nix records.
Is your forwarder & receiver properly working?
If not you may check these out first:
View solution in original post
Yes, it works with a lightweight forwarder!
Check the connection on forwarder:
* grep "Connected to /opt/splunk/var/log/splunk/splunkd.log
Check the connection on the indexer:
* grep "Connection accepted from /opt/splunk/var/log/splunk/splunkd.log
I did spend some time looking through this documentation. I may have misunderstood something.
I am using the lightweight forwarder, is that OK.
