Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

UF needs to be restarted every time to get data

vikram_m
Path Finder
‎12-12-2017 06:34 AM

We have configured our UFs to send data from a particular folder.

But every time the UF need to be stopped and started again after which it starts sending data.

I am also surprised why this is the kind of behavior as it is not feasible idea to restart the services every time whenever we want to get data into Splunk.

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎12-12-2017 06:48 AM

What does /opt/splunkforwarder/var/log/splunk/splunkd.log on the UF say?

0 Karma
Reply

micahkemp
Champion
‎12-12-2017 06:44 AM

Splunk requires a restart when making changes to inputs (or other index-time configurations) are made. There is some documentation on this, but I didn't see any reference to input changes specifically. I have submitted feedback that it be included.

Edit: this answer assumes you are referencing adding new data to splunk, not just when new files are made available that should already be handled by an existing input.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...