Hi ,
I have created indexer{2 indexers] in AWS environment with 2 fowarder and 1 search heads. If I create indexes on a search head/indexers using GUI will the configuration as shown below.
I am not able to send access.log from /opt/log/www*/access.log to web index ,please advice how can i fix it.
However if it put to main index it works but not to any other newly created index .
Search Head
——-------------
/opt/splunk/etc/deployment-apps
[root@ip-172-31-19-169 deployment-apps]# ls -plrt
total 8
-r--r--r-- 1 506 506 307 Jul 10 03:26 README
drwx------ 4 root root 4096 Aug 17 11:06 _server_app_eng_webservers/
[root@ip-172-31-19-169 deployment-ap
/opt/splunk/etc/deployment-apps/_server_app_eng_webservers/local/
[root@ip-172-31-19-169 local]# cat inputs.conf
[monitor:///opt/log]
blacklist = secure.log
disabled = false
index = web
sourcetype = access_combined_wcookie
whitelist = www*
[root@ip-172-31-19-169 local]#
IDX
——
[root@ip-172-31-29-204 etc]# cat ./apps/search/local/indexes.conf
[web]
coldPath = $SPLUNK_DB/web/colddb
coldToFrozenDir = /opt/fozen/web
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/web/db
maxDataSize = 300
maxTotalDataSizeMB = 6000
thawedPath = $SPLUNK_DB/web/thaweddb
[root@ip-172-31-29-204 etc]
——
FWD
——
[root@ip-172-31-17-211 www1]# pwd
/opt/log/www1
-rw-r--r-- 1 root root 315210 Aug 17 05:21 access.log
[root@ip-172-31-17-211 www1]#
——
regards
smdasim
Solution :Create indexes and give user roles on search head and indexers as shown below
https://developers.perfectomobile.com/display/TT/Splunk+-+Creating+your+Index
When you say you created the index through the GUI, do you mean on the search head only? Or did you go into the GUI on the indexers as well? You will need to create the index on the indexers or push that out in the indexes.conf in your deployment app.
Kmorris,
I created indexes through GUI from both search head and Indexer . Can you please let me know why this is not wokring and which is best way to accomplish this task for creating indexs and verifiying it is confgured properly.
regards
smdasim
Please find set up details below
SEARCHHEAD(DS) ---> INDEXR1 <------- FWD1 (/opt/log/www1/access.log)
SEARCHHEAD(DS) ---> INDEXER2 <-------FWD2
note :DS=DEPLOYMENT SERVER and SEARCH HEAD ON SAME MACHINE it is only one.