Getting Data In

How to edit my configuration files to index nginx data in Splunk?

New Member

I have set up a new server, and I'm trying to get nginx access logs into splunk. This is not working.
These are my config files:

cat inputs.conf

disabled = false
sourcetype = access

disabled = false
sourcetype = error

host =hostname



clientName = qpp-nginx

targetUri = hostname:8089

I am not seeing any errors in the Splunk logs, although the Splunk agent is running

Splunk btool check reports, but detects no errors

If I do a search for sourcetype=access.log nothing comes up, neither host="ip address" or host="hostname"

0 Karma

Splunk Employee
Splunk Employee

try btool with debug:


inputs list monitor:///var/log/nginx/error.log --debug

and also try

inputs list monitor:///var/log/nginx/error.log --debug | grep

0 Karma

Splunk Employee
Splunk Employee

Examples of outputs.conf
The following outputs.conf example contains three stanzas for sending data to Splunk receivers.

Global settings. In this example, there is one setting, to specify a defaultGroup.
Settings for a single target group consisting of two receivers. Here, we specify a load-balanced target group consisting of two receivers.
Settings for one receiver within the target group. In this stanza, you can specify any settings specific to the mysplunk_indexer1 receiver.

server=mysplunk_indexer1:9997, mysplunk_indexer2:9996


0 Karma


Hello @marcrsplunk,

change the receiver (tcpout-server) port. 8089 is the splunkd port that is used for inter-splunk communication, not for receiving.

check on the splunk indexer which port is used for listener:

splunk display listen

if you see "receiving is disable" then you need to enable it with:

splunk enable listen 9997

or using UI.

Let me know if it works for you.

Good luck!

0 Karma
Get Updates on the Splunk Community!

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...