Solved: Missing Internal Logs from Server

BRFZ · ‎11-25-2024

Hello,

I have a server configured with three roles: Deployment Server, Console Monitoring, and License Master. However, I am not receiving the internal and audit logs from this server, such as logs from the Search Head or Indexers.

If you have any solutions to this problem, I would greatly appreciate your help.

gcusello · ‎11-25-2024

Hi @BRFZ ,

did you configured this server to send logs to the Indexers?

did you opened the firewall routes between this server and Indexers on the port 9997?

Make these checks.

Ciao.

Giuseppe

View solution in original post

gcusello · ‎11-25-2024

Hi @BRFZ ,

did you configured this server to send logs to the Indexers?

did you opened the firewall routes between this server and Indexers on the port 9997?

Make these checks.

Ciao.

Giuseppe

Missing Internal Logs from Server

audit

distributed search

indexer

monitoring console

search head

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Announcing Modern Navigation: A New Era of Splunk User Experience

Casting Call: Compete in Cyber Games

Join the Conversation

Missing Internal Logs from Server

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.