Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk forwarder in EC2 not reaching the indexer

mirceaned
New Member
‎05-31-2018 04:43 PM

I've installed splunk forwarder inside a Docker container and when I use a local VM I am able to see the events coming in the Indexer page.
However, when deploying the container on an EC2 instance, there are 0 events being generated.
Is there any special configuration needed for EC2 case?

One difference I spotted in the logs is that the non working install had this additional line in splunkd.log file.
I could not find any other errors/warnings compared to the working case.
I cannot attach the full log because I don't have enough points.

05-31-2018 22:59:15.477 +0000 INFO TailReader - tailreader0 waiting to be un-paused

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top