Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

help please : inputs problem

neermine
Path Finder
‎08-15-2018 01:01 AM

hi i have configurate my universal forwarder and splunk so i can find my machine in the host list of splunk .. but i think i have a problem in the inputs.conf because i can't find the sourcetype and the indexer that i have creat
alt text

Preview file
25 KB
Preview file
21 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎08-15-2018 06:35 AM

You should look at the forwarder logs and see if its sending data. You can see this by going to /top/splunkforwarder/var/log/splunk/splunkd.log and this will tell you if its sending its logs to the indexer(s). You can also do a quick search to see if any logs are present. Assuming this is a relatively new setup, you can set your time range to all-time

| metasearch index=me

View solution in original post

0 Karma
Reply
Solved! Jump to solution

neermine
Path Finder
‎08-15-2018 02:44 AM

yes i configured outputs.conf and the forwarder status of the UF is configurate and active
in the host list of splunk i can find my machine name
i configure the tcp port 9997
but what did you mean by set up the index on your indexer ?

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎08-15-2018 02:52 AM

You configured index=me in your inputs.conf. Did you also actually create that index on your indexer (your splunk enterprise instance)?

0 Karma
Reply
Solved! Jump to solution

neermine
Path Finder
‎08-15-2018 06:29 AM

yes i did but it has no events

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...