Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

where are processor=send-out-light-forwarder or tcp-output-light-forwarder defined?

wang
Path Finder
‎01-14-2011 07:26 PM

I think I am running a regular forwarder but I see these in the metrics.log:

01-12-2011 01:29:21.021 INFO Metrics - group=pipeline, name=parsing, processor=send-out-light-forwarder, cpu_seconds=0.000000, executes=36, cumulative_hits=221543

01-12-2011 01:29:21.021 INFO Metrics - group=pipeline, name=parsing, processor=tcp-output-light-forwarder, cpu_seconds=0.000000, executes=36, cumulative_hits=221543

Where are the configurations for processor=send-out-light-forwarder or tcp-output-light-forwarder? I think this is why my event data filtering is not working.

I start splunk by:

./splunk enable app SplunkForwarder

That should start the regular, not light, forwarder, right?

Tags (1)
0 Karma
Reply
Highlighted

Re: where are processor=send-out-light-forwarder or tcp-output-light-forwarder defined?

jkerai
Splunk Employee
Splunk Employee
‎01-15-2011 07:27 PM

tcp-output-light-forwarder and send-out-light-forwarder are defined in modules/parsing/config.xml. tcp-output-light-forwarder and send-out-light-forwarder processor are disabled in regular forwarder, but enabled in SplunkLightForwarder.

For regular forwarder, you don't need to enable any app(You should disable SplunkForwarder).

Reply