Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why my Index=”main” host=* command no results

holowolf3500
Loves-to-Learn
‎09-09-2023 02:47 PM

I am learning splunk for the first time in my course, I had this task of setting up 4 VMs through VMware workstation , 1 being controller a Centos GUI, and the other 3 being agents centos CLI. I went through the configuration of the VMs they all ping each other fine. I SSH the splunk onto the 4 VMs using mobaxterms. After creating the 9997 port on the controller and saving the port I configured each agent to have their agents ip address forward to the port of my controller. After going through my lab at the last part I had to type in an input Index=”main” host=* | table host | dedup host this had no results I was told if nothing popped up I would to troubleshoot by rebooting my vm and my host system but that didn't fix it would love some insights

image (4).png

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-10-2023 11:29 PM

Hi

As this sounds like you are asking answer for your course lab I just give pointers to you where you could find the answers.

I suppose that also your course material should give the answer what is missing/wrong on your configuration and how to debug it.

On comment for security. You should never run UF as a root on source node. Also don't use root as a splunk's internal admin user and never use the same password than you have in OS level.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...