- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
can you please tell me what is the right way to btool inputs.conf for a specific app context. I want to troubleshoot this error that is too much in my splunk search head messages notification : Received index from dleeted/missing/unconfigured indexes. I read previous blogs: it says your inputs.conf is sending data to an indx that doesnt exist
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@shraddhamuduli
Login to the UF which you have got that error message and execute below command,
$SPLUNK_HOME$/bin/splunk btool inputs list --debug
Then find the stanza.
Below are the links which will be helpful to you,
https://www.splunk.com/blog/2012/10/02/tips-and-tricks-for-the-new-guy.html
https://docs.splunk.com/Documentation/Splunk/6.6.3/Troubleshooting/Usebtooltotroubleshootconfigurati...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@shraddhamuduli
Login to the UF which you have got that error message and execute below command,
$SPLUNK_HOME$/bin/splunk btool inputs list --debug
Then find the stanza.
Below are the links which will be helpful to you,
https://www.splunk.com/blog/2012/10/02/tips-and-tricks-for-the-new-guy.html
https://docs.splunk.com/Documentation/Splunk/6.6.3/Troubleshooting/Usebtooltotroubleshootconfigurati...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks . by uf , do u mean this path in our deployment server right ?
/opt/splunk/etc/deployment-apps/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I meant Universal Forwarder. /opt/splunk/splunkuniversalforwarder/bin
