Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Forwarder is not forwarding all the files in directory.

kmisaal
New Member
‎03-15-2011 07:08 PM

I have configured a forwarder on Linux and receiver on different Linux box.

After restarting the forwarder I can see only the latest file got forwarded and on receiver only one file is indexed.

However I can see on forwarder there are multiple files got indexed. The data input for forwarder is "monitor file and directory" with the path of logs directory.

This logs directory has multiple log files.

Please let me know why forwarder is not forwarding all the files.

Tags (1)
0 Karma
Reply

LCM
Contributor
‎03-16-2011 07:45 PM

Hard to guess what the problem could be since a part got forwarded though!

Can you investigate following:

  • in the directory you're monitoring: create a new "dummy" file wich consist eg. "Hello World" (does that work - is it being indexed - can you see it on the receiver box)
  • modify one of the existing file with a new entry
  • check splunkd.log
  • netstat -a (although that should work 😉 )
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...