Deployment Architecture

linux logs to splunk

New Member

Hi Friends,

I am trying to add Linux logs in Splunk, Created server class and added the app details. completed all the basic steps but still i cant find the data in splunk head . below you can find the sample logs from server. Anyone please suggest me config file for the same .

Sample log format :

01:00:07.703 STATUS: TRelease: TRACK: 201907160100NASDAQ_NDE__1000252590 en-synd1_0_3001.hld being marked ready for delivery.
01:00:07.703 STATUS: TRelease: TRACK: Leaving shm_keydist_check_response(): re ady count = 1
01:00:07.703 STATUS: TRelease: TRACK: 1 responses are ready to process.
01:00:07.703 STATUS: TRelease: TRACK: Preparing release files for 201907160100 NASDAQ
NDE____1000252590_en-synd1_0_3001.hld. Received all 1 replies back.
01:00:07.704 STATUS: TRelease: TRACK: prepare_release_list()
01:00:07.704 STATUS: TRelease: TRACK: add_in_serials() Added 2 serial numbers
01:00:07.704 STATUS: TRelease: TRACK: Serial 3001: delivered release file: 201 907160100NASDAQ
01:00:07.706 STATUS: TRelease: TRACK: Serial 3002: delivered release file: 201 907160100NASDAQ
01:00:07.707 STATUS: TRelease: TRACK: shm_keydist_clear_slot_by_id(0) - 201907 160100NASDAQ
01:00:07.794 STATUS: TsynDg1-1: TRACK: shm_keydist_update_sent() - 2019071601 00NASDAQ
01:00:07.794 STATUS: TsynDg1-1: TRACK: find_slot_by_filename(201907160100NASDA

0 Karma


Which apps have you included in the server class? Do any of them include inputs.conf? What are the inputs.conf settings? Is there an outputs.conf that tells the forwarder where the indexers are? Have you verified the apps are installed on the forwarder?

If this reply helps you, Karma would be appreciated.
0 Karma

New Member

Hi niranjan28,
can you please describe your setup?
Is there a Splunk Universal Forwarder sending data to your Indexer?
If yes: Does it get listed in your Monitoring Console correctly?
Kind regards,

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...