Getting Data In

Splunk forwarder not working

vramali1
New Member

Hello I couldnt see the log files indexed in splunk
Could you please help and mafdetlogindexer is the index name in the remote system.
Is it rightly configured and am i missing something?

Inputs.conf

[monitor:///ngs/app/coecmsd/shared/Cluster/logs/Latest_Log_8888.txt]
index=default
sourcetype=sendcsapplogs

Outputs.conf

[tcpout:mafdetlogindexer]
server = mafdet.corp.apple.com:8888
maxQueueSize = 500KB

Thanks,
-VIjay

Tags (1)
0 Karma

au_chrismor
Path Finder

I hit something very similar sounding, where the receiver simple did not.

The only way around it was do remove the receiver, restart and re-add.

Cheers

0 Karma

Damien_Dallimor
Ultra Champion

Ensure that the receiver port on mafdet.corp.apple.com is configured to listen on 8888 (9997 is the default)

And try something like this in your config files:

inputs.conf

[monitor:///ngs/app/coecmsd/shared/Cluster/logs/Latest_Log_8888.txt] 
index=mafdetlogindexer 
sourcetype=sendcsapplogs
disabled = false

outputs.conf

[tcpout]
defaultGroup = mafdetlogindexer
disabled = false

[tcpout:mafdetlogindexer] 
server = mafdet.corp.apple.com:8888 
maxQueueSize = 500KB
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...

Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents

Tech Talk Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents   Correlating ...

Observability Simplified: Combining User Experience, Application Performance & ...

  Tech Talk Network to App: Observability Unlocked   Today’s digital environments span applications, ...