Security

error while giving path for different servers

rupesh212121
Explorer

hi my scenario is i am having different servers in which same services are running like httpd, maillog, errorlog and i want to see logs of all these servers. i have tried to give path for both the servers for seeing it access logs as /var/logs/httpd/access_logs and it gave me the following error.

"Encountered the following error while trying to save: In handler 'monitor': Cannot create another input with the name "/var/log/httpd/access_log", one already exists."

how can i see the same logs of two different servers.

plz help me in this regard.

thank u Prakash

Tags (1)
0 Karma

LCM
Contributor

Basically, you do:

Server 1 (Indexer - MASTER)

  1. Manager » Data inputs » Files & Directories » Add New --> */var/log/httpd/access_log*
  2. Manager » Forwarding and receiving » Receive data » Add New --> 9997

Server 2 (Forwarder - CLIENT)

  1. Manager » Data inputs » Files & Directories » Add New --> */var/log/httpd/access_log*
  2. Manager » Forwarding and receiving » Forward data » Add New --> < ip.from.your.master:9997 >

Please, read through following docs as well:

LCM
Contributor

That error means you already configured that path for monitoring then. There is no reason to configure it twice. Can you double check, if you entered that path before

rupesh212121
Explorer

but it is not accepting the path as it is saying the path already exist.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...