where are processor=send-out-light-forwarder or t...

wang · ‎01-14-2011

I think I am running a regular forwarder but I see these in the metrics.log:

01-12-2011 01:29:21.021 INFO Metrics - group=pipeline, name=parsing, processor=send-out-light-forwarder, cpu_seconds=0.000000, executes=36, cumulative_hits=221543

01-12-2011 01:29:21.021 INFO Metrics - group=pipeline, name=parsing, processor=tcp-output-light-forwarder, cpu_seconds=0.000000, executes=36, cumulative_hits=221543

Where are the configurations for processor=send-out-light-forwarder or tcp-output-light-forwarder? I think this is why my event data filtering is not working.

I start splunk by:

./splunk enable app SplunkForwarder

That should start the regular, not light, forwarder, right?

jkerai · ‎01-15-2011

tcp-output-light-forwarder and send-out-light-forwarder are defined in modules/parsing/config.xml. tcp-output-light-forwarder and send-out-light-forwarder processor are disabled in regular forwarder, but enabled in SplunkLightForwarder.

For regular forwarder, you don't need to enable any app(You should disable SplunkForwarder).

where are processor=send-out-light-forwarder or tcp-output-light-forwarder defined?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Are you a member of the Splunk Community?

where are processor=send-out-light-forwarder or tcp-output-light-forwarder defined?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor