Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Linux Forwarder Shows up Monitor, but Can't add data to Splunk Cloud?

cjwallac35
New Member
‎03-08-2020 07:46 AM

I have installed a universal-forwarder on a Ubuntu Linux box without error, here is some validation:

Splunk list forward-server
Active forwards:
input-prd-p-xxxxxxxxxx.cloud.splunk.com:9997 (ssl)

The forward does show up in monitor, but when I get to add the Forwarder under Settings -> Data. It doesn't show any forwarders available and show the refresh button. I did also download and copy Splunk for Linux under /opt/splunkforwarder/etc/apps/Splunk_TA_linux as first goal is to get performance data into the cloud.

Thank You!

Tags (2)
0 Karma
Reply

anmolpatel
Builder
‎03-08-2020 10:46 PM

Did you enable to configuration ? Read through the "Enable the data and scripted inputs with configuration files" section in the below link.

https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Enabledataandscriptedinputs

Note on the install, you also need it on the Search Head and Indexers. You may need to raise a Splunk Support ticket for this
https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Install

0 Karma
Reply

cjwallac35
New Member
‎03-09-2020 02:18 AM

Thank You for your reply!

There is no $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local directory there is a $SPLUNK_HOME/etc/apps/Splunk_TA_linux /default directory. There also is no existing input.conf file, the files available in $SPLUNK_HOME/etc/apps/Splunk_TA_linux /default are:

/opt/splunkforwarder/etc/apps/Splunk_TA_linux/default$ ls -ltr
total 52
-rw-r--r-- 1 splunk splunk 2833 Apr 19 2018 transforms.conf
-rw-r--r-- 1 splunk splunk 1481 Apr 19 2018 tags.conf
-rw-r--r-- 1 splunk splunk 7821 Apr 19 2018 props.conf
-rw-r--r-- 1 splunk splunk 2802 Apr 19 2018 eventtypes.conf
-rw-r--r-- 1 splunk splunk 24647 Apr 19 2018 eventgen.conf
drwxr-xr-x 3 splunk splunk 16 Apr 19 2018 data
-rw-r--r-- 1 splunk splunk 457 Apr 19 2018 app.conf

This is Splunk_TA_linux which in my understanding is different then Splunk Add-on for Unix and Linux, I used Splunk_TA_linux because it didn't require logging a support ticket.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...