Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

check a forwarder is working.

kristiaan_d
Explorer
‎02-02-2011 02:35 PM

Hi can someone tell me how i check that splunk is actually forwarding data from the server its running as a forwarder on to the PC that is indexing the data??

i have setup one PC to forward data to another pc inside my office, and setup the indexing pc to receive the data but so far nothing has come through.

there are no firewalls or routers or proxies in the way as both pcs on the same internal network a few ip addresses apart.

Tags (1)
0 Karma
Reply

kristiaan_d
Explorer
‎02-03-2011 11:01 AM

OK this problem has been resolved and is now working. simple reason for it, on a default install of splunk it does not index any data at all..

so even though the data inputs window shows there are data inputs none of them are being monitored by default you have to enable them in the manager interface.

0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎02-02-2011 06:10 PM

The easiest way if you think it's working is to do a search for host="ClientPC*" and see if any results come up. Alternatively, you can go into the indexing volume report ( http://YourHost:8000/en-US/app/search/indexing_volume ), split by host and look for the client.

There's also an app in the splunkbase that will help you monitor forwarders: http://splunkbase.splunk.com/apps/All/4.x/App/app:Splunk+Monitoring (I've never used it, but I know it is intended to help monitor forwarders on an ongoing basis).

You can also look at the splunkd.log at $SPLUNK_HOME/var/log/splunk/splunkd.log which should provide some error messages, if nothing is coming through.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...