Deployment Architecture

linux logs to splunk

New Member

Hi Friends,

I am trying to add Linux logs in Splunk, Created server class and added the app details. completed all the basic steps but still i cant find the data in splunk head . below you can find the sample logs from server. Anyone please suggest me config file for the same .

Sample log format :

01:00:07.703 STATUS: TRelease: TRACK: 201907160100NASDAQ_NDE__1000252590 en-synd1_0_3001.hld being marked ready for delivery.
01:00:07.703 STATUS: TRelease: TRACK: Leaving shm_keydist_check_response(): re ady count = 1
01:00:07.703 STATUS: TRelease: TRACK: 1 responses are ready to process.
01:00:07.703 STATUS: TRelease: TRACK: Preparing release files for 201907160100 NASDAQ
NDE____1000252590_en-synd1_0_3001.hld. Received all 1 replies back.
01:00:07.704 STATUS: TRelease: TRACK: prepare_release_list()
01:00:07.704 STATUS: TRelease: TRACK: add_in_serials() Added 2 serial numbers
01:00:07.704 STATUS: TRelease: TRACK: Serial 3001: delivered release file: 201 907160100NASDAQ
01:00:07.706 STATUS: TRelease: TRACK: Serial 3002: delivered release file: 201 907160100NASDAQ
01:00:07.707 STATUS: TRelease: TRACK: shm_keydist_clear_slot_by_id(0) - 201907 160100NASDAQ
01:00:07.794 STATUS: TsynDg1-1: TRACK: shm_keydist_update_sent() - 2019071601 00NASDAQ
01:00:07.794 STATUS: TsynDg1-1: TRACK: find_slot_by_filename(201907160100NASDA

0 Karma


Which apps have you included in the server class? Do any of them include inputs.conf? What are the inputs.conf settings? Is there an outputs.conf that tells the forwarder where the indexers are? Have you verified the apps are installed on the forwarder?

If this reply helps you, Karma would be appreciated.
0 Karma

New Member

Hi niranjan28,
can you please describe your setup?
Is there a Splunk Universal Forwarder sending data to your Indexer?
If yes: Does it get listed in your Monitoring Console correctly?
Kind regards,

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...