Solved: Re: help please : inputs problem - Page 2

neermine · ‎08-15-2018

hi i have configurate my universal forwarder and splunk so i can find my machine in the host list of splunk .. but i think i have a problem in the inputs.conf because i can't find the sourcetype and the indexer that i have creat

skoelpin · ‎08-15-2018

You should look at the forwarder logs and see if its sending data. You can see this by going to /top/splunkforwarder/var/log/splunk/splunkd.log and this will tell you if its sending its logs to the indexer(s). You can also do a quick search to see if any logs are present. Assuming this is a relatively new setup, you can set your time range to all-time

| metasearch index=me

View solution in original post

neermine · ‎08-15-2018

yes i configured outputs.conf and the forwarder status of the UF is configurate and active
in the host list of splunk i can find my machine name
i configure the tcp port 9997
but what did you mean by set up the index on your indexer ?

FrankVl · ‎08-15-2018

You configured index=me in your inputs.conf. Did you also actually create that index on your indexer (your splunk enterprise instance)?

neermine · ‎08-15-2018

yes i did but it has no events

help please : inputs problem

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

help please : inputs problem

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!