I am trying to forward only CPU/Memory load log to the indexer. Here is what I've done so far:
Here's my question:
I will appreciate if someone gives me step by step instruction to configure settings:
I am seeing the error message says like the following from forwarder's web UI
! Tcp outout pipeline blocked. Attempt '18600'to insert data failed
! skipped indexing of internal audit even will keep dropping events until indexer congestion is remedied.
Are theses related to the connection between indexer and forwarder?
Install the deployment monitor app from here:
more over you can know from host=* command will give you the number of hosts which forwarded the data. Restart the indexer if the issue persists, happens due to busy splunkd or network blockages.
View solution in original post