Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

How do I get the *nix app on the indexer to include the forwarded *nix data.

labrat
New Member
‎02-18-2011 11:29 PM

I have the unix machines forwarding *nix recordes. I can use search to view the records.

How do get the *nix application on the indexer to include those records. I all I see is the local *nix records.

Tags (1)
0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution
Solution

Re: How do I get the *nix app on the indexer to include the forwarded *nix data.

LCM
Contributor
‎02-19-2011 12:35 AM

Is your forwarder & receiver properly working?

If not you may check these out first:

View solution in original post

Reply
Highlighted
Solved! Jump to solution

Re: How do I get the *nix app on the indexer to include the forwarded *nix data.

labrat
New Member
‎02-19-2011 12:42 AM

I did spend some time looking through this documentation. I may have misunderstood something.

I am using the lightweight forwarder, is that OK.

0 Karma
Reply
Highlighted
Solved! Jump to solution

Re: How do I get the *nix app on the indexer to include the forwarded *nix data.

LCM
Contributor
‎02-21-2011 02:21 PM

Yes, it works with a lightweight forwarder!

Check the connection on forwarder:

* grep "Connected to /opt/splunk/var/log/splunk/splunkd.log

Check the connection on the indexer:

* grep "Connection accepted from /opt/splunk/var/log/splunk/splunkd.log
Reply