Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get the diag files with debug files of the UF and the HF?

raghunandan1
Engager
‎02-15-2024 01:19 PM

Log ingesting intermittently We could not find the path referenced . We have Univerasal forwarder is Windows server and Heavy forwarder is *nix server. How to get the diag files with debug enable of the UF and the HF?

Can you please provide the detailed explanation with commands

0 Karma
Reply

SanjayReddy
SplunkTrust
SplunkTrust
‎02-15-2024 07:46 PM

Hi  

you can enable debug mode for splunkd.log file before taking diag. 

Enable debug logging on all of splunkd.log

Splunk software has a debugging parameter (--debug) that you can use when you start Splunk software from the CLI in *nix. This command outputs logs to the $SPLUNK_HOME/var/log/splunk/splunkd.log file.

This option is not available on Windows. To enable debugging on Splunk software running on Windows, enable debugging on a specific processor. See Enable debug logging in Splunk Web or Enable debug logging using log.cfg.

  • Navigate to $SPLUNK_HOME/bin.
  • Stop the Splunk platform instance, if it is running.
  • Save your existing splunkd.log file by renaming it, like splunkd.log.old.
  • Restart the instance in debug mode with splunk start --debug.
  • When you notice the problem, stop the instance.
  • Move the new splunkd.log file elsewhere and restore the old file.
  • Stop or restart the instance normally (without the --debug flag) to disable debug logging.

    Not all messages marked WARN or ERROR indicate actual problems with Splunk software; some indicate that a feature is not being used.


    for splunk diag run following command 


    *nix example Windows example 
    ./splunk diag
    splunk diag
  •  
  •  
  •  
  •  
  •  
  •  

@raghunandan1

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...