I need help with my Splunk server. I cannot see the host on the Splunk server.
Here is how my setup went:
1) install full splunk on server1. Installed *nix app and verified that it is collecting data.
2) install full splunk on server2. Installed *nix app and verified that it is collecting data.
3) configure receiving on splunk server1 to port 9997.
4) Enabled forwarding on server2.
cd /opt/splunk/bin
./splunk start
./splunk enable app SplunkLightForwarder
./splunk restart
./splunk add forward-server :9997
./splunk restart
5) Opened splunk server1 web but did not see server2.
Please advise. I appreciate your help, thank you.
Triptrops,
In your step above: "./splunk add forward-server :9997", what is the name/address of the receiving host (i.e. server1) that server2 should use? Note: That IP should go before the :9997.
When you run $SPLUNK_HOME/bin/splunk help add, you will see this example in the output:
./splunk add forward-server bologna:9997
In this case, the system bologna is the receiving host.
Set this correctly, and it will probably work.
Also, as a side note, if you are going to use the SplunkLightForwarder, you will probably be better off using the Splunk Universal Forwarder (a different installation package).
Sean
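A check for the mistake described in the answer above, as an added example that is not part of the original thread: it scans the text of a forwarder's outputs.conf for `server` targets in `tcpout` stanzas that lack a host before the port. The sample config and the function name are constructed for illustration; it assumes the forwarder's targets are stored in outputs.conf (typically under $SPLUNK_HOME/etc/system/local/).

```python
import re

# Constructed sample of a forwarder's outputs.conf (not taken from the thread).
SAMPLE_OUTPUTS_CONF = """\
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = :9997, server1.domain.com:9997

[tcpout-server://server1.domain.com:9997]
"""


def find_bad_forward_targets(conf_text):
    """Return (stanza, entry, reason) for each malformed 'server' target."""
    problems = []
    stanza = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1)
            continue
        key, sep, value = line.partition("=")
        # Only 'server = ...' settings inside tcpout stanzas name receivers.
        if not sep or key.strip() != "server":
            continue
        if not (stanza or "").startswith("tcpout"):
            continue
        for entry in (e.strip() for e in value.split(",")):
            if not entry:
                continue  # tolerate a trailing comma
            host, colon, port = entry.rpartition(":")
            if not colon:
                problems.append((stanza, entry, "no port"))
            elif not host:
                problems.append((stanza, entry, "missing host before the port"))
            elif not port.isdigit() or not 1 <= int(port) <= 65535:
                problems.append((stanza, entry, "invalid port"))
    return problems


if __name__ == "__main__":
    for stanza, entry, reason in find_bad_forward_targets(SAMPLE_OUTPUTS_CONF):
        print(f"[{stanza}] server entry {entry!r}: {reason}")
```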
I enabled the Splunk Universal Forwarder but still the splunk server cannot see it. Am I missing some steps?
Thanks Sean for your immediate response. Actually it was a typographical error.
I did execute this line as:
./splunk add forward-server server1.domain.com:9997
I still cannot see the host.
By the way, what is the difference between the light and the universal forwarder?
Thanks