Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: splunk universal forwarder not monitoring all ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunk universal forwarder not monitoring all files in a folder
sid1987
New Member
04-13-2020
03:35 AM
Same version of splunk forwarder (8.0.2) on 2 linux servers are behaving differently.
One lists all files under a folder to monitor. However other one shows only few of them. What's the issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
04-13-2020
03:52 AM
Check if forwarders in both linux servers have same inputs.conf configurations. If yes, then check the file and folders permissions on both servers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sid1987
New Member
04-13-2020
04:03 AM
strange part is the server which is working fine has no monitor parameter set in any of the inputs.conf
/opt/splunkforwarder/bin/splunk list monitor
Monitored Directories:
$SPLUNK_HOME/var/log/splunk
/opt/splunkforwarder/var/log/splunk/audit.log
/opt/splunkforwarder/var/log/splunk/first_install.log
/opt/splunkforwarder/var/log/splunk/splunkd_access.log
$SPLUNK_HOME/var/log/splunk/license_usage_summary.log
$SPLUNK_HOME/var/log/splunk/metrics.log
/opt/splunkforwarder/var/log/splunk/metrics.log
$SPLUNK_HOME/var/log/splunk/splunk_instrumentation_cloud.log*
$SPLUNK_HOME/var/log/splunk/splunkd.log
/opt/splunkforwarder/var/log/splunk/splunkd.log
$SPLUNK_HOME/var/log/watchdog/watchdog.log*
/var/log/forwarder-logs
/var/log/forwarder-logs/LogA
/var/log/forwarder-logs/LogB
/var/log/forwarder-logs/LogC
/var/log/forwarder-logs/LogD
/var/log/forwarder-logs/LogE
/var/log/forwarder-logs/LogF
/var/log/forwarder-logs/LogG
/var/log/forwarder-logs/LogH
/var/log/forwarder-logs/LogI
/var/log/forwarder-logs/LogJ
Monitored Files:
$SPLUNK_HOME/etc/splunk.version
$SPLUNK_HOME/var/run/splunk/search_telemetry/*search_telemetry.json
$SPLUNK_HOME/var/spool/splunk/...stash_new
grep -r "/var/log/forwarder-logs" /opt/splunkforwarder/etc/
Above command returns nothing.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
manjunathmeti
Champion
04-13-2020
04:24 AM
It'll be there somewhere use btool command to check:
/opt/splunkforwarder/bin/splunk cmd btool inputs list --debug
Check if directories are monitored recursively, check paths with /.../
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sid1987
New Member
04-13-2020
04:54 PM
strangely nothing again.
/opt/splunkforwarder/bin/splunk cmd btool inputs list --debug | grep forwarder | grep -v splunkforwarder
Get Updates on the Splunk Community!
.conf25 Community Recap
Hello Splunkers,
And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...
Splunk App Developers | .conf25 Recap & What’s Next
If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...
Congratulations to the 2025-2026 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
