Hi all,
I successfully forward data from Windows using the command
msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet
from Install a Windows universal forwarder.
The same for Linux with the command
./splunk add monitor /var/log
from Configure the universal forwarder using configuration files.
Both work fine and I can see the hosts in the Data Summary as visible in the following figure.
If I instead set up the input in the local "inputs.conf" file after basic installation like
[perfmon://LocalPhysicalDisk]
interval = 10
object = PhysicalDisk
counters = Disk Bytes/sec; % Disk Read Time; % Disk Write Time; % Disk Time
instances = *
disabled = 0
index = winfwtestinger
for example and assign a specific index, I can see that data is ingested if I search for the specific index, but they will not appear in the Data Summary. I would be very happy about any suggestion as to what I am doing wrong here.
Best regards
This should be tested. Maybe I will give it a try this evening.
Well, looks like the developers made some basic errors. Even if we raise a support ticket for this, Splunk would consider this a low-priority ticket.