Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Windows 2003 Event Logs

diegosainz
Path Finder
‎11-08-2012 11:48 AM

I am able to gather Windows 2008 logs with no problems, but when I add a forwarder to a Windows 2003 box I get no logs. Any input?

Diego

0 Karma
Reply

diegosainz
Path Finder
‎11-08-2012 12:06 PM

Thank you for the quick response. I have validated that I am getting data by having the windowsupdate.log being sent successfully from the same systems through the forwarder to the indexer.

0 Karma
Reply

Voltaire
Communicator
‎11-08-2012 12:02 PM

This is a broad question, however I will attempt to provide the main points I review when a forwarder does not work. Pardon any redundant questions. Did you configure the forwarder to send data to the main indexer through a specific tcp port? For Example under forwarding , click new forwarder, add "mysplunkforwarder.com:9999" Is there a corresponding port configured on your main indexer ? Is that TCP port available on your servers? Did you change the license on the forwarder to use the main indexer license? Did you specify an index to use with your data inputs or accept the default? Did you enable lightweight forwarding and restart Splunk after you verified the configuration? Can use use netstat -an to see if the connection was established? Any firewalls running?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...