Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Forwarded events are showing on CLI output during CLI search operation.

sivakumar_inbox
Engager
‎04-22-2010 11:19 AM

I had configured splunk forwarder and receiver in a Linux system as per the Admin manual. I tried searching the forwarded events in the CLI screen using "host" flag. The search returns no data in the CLI. What should I do to get the events in the receiver server? Can you please help?

Tags (1)
Reply

Simeon
Splunk Employee
Splunk Employee
‎04-26-2010 07:14 PM

You should be searching based on the host value you specified for the input data. The above metrics.log event only confirms that data has been sent, and there is only a very small amount (5k). Typically, you can search for your data based on the host, source, or sourcetype. So utilizing a wildcarded search with the source name (timerange over all-time) might be a way to find your data. Another possibility is that your events are so small that Splunk has not filled the buffer queue. In that case, you should try sending a complete log file.

0 Karma
Reply

sivakumar_inbox
Engager
‎04-22-2010 02:01 PM

I can see the events in the metrics.log. I am not understanding why the search results are not shown in the CLI output? Below is the output of metrics.log on receiver server.

04-22-2010 19:23:37.048 INFO Metrics - group=tcpin_connections, 192.168.1.200:32945:9997, connectionType=cooked, sourcePort=32945, sourceHost=192.168.1.200, sourceIp=192.168.1.200, destPort=9997, _tcp_Bps=6.39, _tcp_KBps=0.01, _tcp_avg_thruput=0.02, _tcp_Kprocessed=5.00, _tcp_eps=0.03

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...