Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot why no events are getting indexed in Splunk 6.3.1 on Linux CentOS 6.7?

vad34
Path Finder
‎12-21-2015 04:52 AM

Hello guys,

I have new Splunk 6.3.1 installation on Centos 6.7.
After installation, there are no events coming to Splunk. I reinstalled Splunk, but still no data..
I configured data inputs and the index, but with no luck.
Another installation with Splunk 6.2.3 on Linux CentOS 6.6 works fine.

Any ideas?
Tnx in advance

0 Karma
Reply

dgrubb_splunk
Splunk Employee
Splunk Employee
‎12-21-2015 06:51 AM

Using the Splunk admin account, verify first that you see data being ingested on the indexer e.g. splunkd.log from the indexer.

index=_internal source=*splunkd.log

If you are getting data here the indexer is ingesting data from its own local monitors. Since it is new install next check to ensure you have configured a receiving port. So other Splunk instances can send data to the indexer.

0 Karma
Reply

vad34
Path Finder
‎12-21-2015 07:47 AM

Tnx for the reply, yes the data indexed on internal source and i am able to see local linux logs.
When it comes to Win & Linux remote machine i got NO data events.
I installed splunk 6.2.3 instead splunk 6.3.1 but still the same issue (

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...