Data doesnt show up on the screen

fkaanuslu · ‎08-19-2021

Hi I have two linux virtual machines and i am trying to use splunk forwarder one linux to another. I am getting that "waiting for the results problem".

How can i fix this ?

Thnx a lot

SanjayReddy · ‎08-22-2021

@fkaanuslu

Can you search for data in search and reporting on search head using following query

source=/var/log/auth.log if you are not able to see any data

run following command on forwarder where inputs configured to check active outputs configuration

/opt/splunkforwarder/bin/splunk list forward-server
it might ask to enter splunk admin crdentials

One doubt from my side

IP that you configured to send the data is indexer/search head or forwarder?.

if you tryitng to send the data to another forwader you wont be able to see any data on forwarder, you need to search data in splunk search head

isoutamo · ‎08-23-2021

Hi

you could list all your monitors on UF with command:

splunk list monitor

When you want to see status of those in UF you can see it with commands:

splunk list inputstatus |egrep -A5 '/var/log/auth.log'

r. Ismo

richgalloway · ‎08-19-2021

Is the forwarder running? Is it configured? What is in outputs.conf?

Don't waste your time with the Data Summary screen. Go to the Search & Reporting app and run a search to find the data.

---
If this reply helps you, Karma would be appreciated.

Data doesnt show up on the screen

universal forwarder

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms