Splunk Cloud Platform

I can't see the event logs on the Splunk server from the Linux forwarder even though I set up the universal forwarder

Kendrick
Observer

I can't see the event logs when I search on the Splunk Enterprise server. But I already checked that the Splunk server status is running, and I created index = linux_universal_forwarder and host = linux_uf_1 in inputs.conf on the forwarder Linux machine. I also created a new receiving port 8889 and a new index = linux_universal_forwarder on the Splunk server. Why can't I see the logs? I am able to ping between the indexer and the forwarder. Please help: how do I fix this issue, and how do I troubleshoot it step by step? I'm a beginner learning Splunk. Thank you.


richgalloway
SplunkTrust

You have an established connection between the forwarder and the indexer on port 9997 so there's no need for port 8889.

The search query (index=_internal ...) should be entered in the Splunk UI (use the "Search & Reporting" app).

The add monitor command is entered in the CLI, but the "/path/to/app/logs" argument is a placeholder (like "foo") that must be replaced by the actual file you wish to monitor.

---
If this reply helps you, Karma would be appreciated.
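As an added example (not code from the thread or from Splunk), the script below turns the three points in the reply above into checks you can run on the forwarder: does inputs.conf have a [monitor://...] stanza for the expected index whose path really exists (the "/path/to/app/logs" placeholder fails this check), does outputs.conf name an indexer on 9997 rather than 8889, and does splunkd.log show the forwarder connecting on that port. It assumes $SPLUNK_HOME defaults to /opt/splunkforwarder, the index, host and port names used in this thread, and the "Connected to idx=" wording of the splunkd.log connection message; the config files and log line it tests against are constructed samples, not captured from a real host.

```shell
#!/bin/sh
# Added example for this thread, not Splunk's own tooling.
# Assumed defaults: SPLUNK_HOME=/opt/splunkforwarder, index and port from the thread.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunkforwarder}"
EXPECTED_INDEX="linux_universal_forwarder"
EXPECTED_PORT="9997"

# Print the path of every [monitor://<path>] stanza in inputs.conf that sets index=<want>.
# Key/value pairs are only attributed to the monitor stanza they sit under.
check_monitor() {
    conf="$1"; want="$2"
    awk -v want="$want" '
        /^\[monitor:\/\// { p=$0; sub(/^\[monitor:\/\//, "", p); sub(/\]$/, "", p); path=p; next }
        /^\[/ { path=""; next }
        path != "" && /^[[:space:]]*index[[:space:]]*=/ {
            v=$0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]*$/, "", v)
            if (v == want) print path
        }' "$conf"
}

# Succeed if some "server = host:port[,...]" line in outputs.conf names the expected port.
check_outputs() {
    conf="$1"; port="$2"
    grep -E '^[[:space:]]*server[[:space:]]*=' "$conf" | grep -Eq ":$port([[:space:],]|$)"
}

# Succeed if splunkd.log records a connection to an indexer on the expected port.
# (Assumed message format: "... TcpOutputProc - Connected to idx=<ip>:<port>, ...")
check_connected() {
    log="$1"; port="$2"
    grep -q "Connected to idx=[^,]*:$port" "$log"
}

# Run the three checks in order; stop at the first failure with a hint.
run_checks() {
    inputs="$1"; outputs="$2"; log="$3"
    path=$(check_monitor "$inputs" "$EXPECTED_INDEX" | head -n 1)
    if [ -z "$path" ]; then
        echo "FAIL: no [monitor://...] stanza with index=$EXPECTED_INDEX in $inputs"; return 1
    fi
    if [ ! -r "$path" ]; then
        echo "FAIL: monitored path $path does not exist (placeholder left in?)"; return 1
    fi
    check_outputs "$outputs" "$EXPECTED_PORT" || { echo "FAIL: $outputs names no server on :$EXPECTED_PORT"; return 1; }
    check_connected "$log" "$EXPECTED_PORT" || { echo "FAIL: $log shows no connection on :$EXPECTED_PORT"; return 1; }
    echo "OK: monitoring $path -> index $EXPECTED_INDEX over :$EXPECTED_PORT"
    echo "Now search on the indexer (Search & Reporting): index=_internal host=linux_uf_1"
}

# Constructed sample files so the checks can be exercised offline; prints the temp dir.
make_samples() {
    d=$(mktemp -d)
    mkdir -p "$d/logs"
    printf 'constructed log line 1\n' > "$d/logs/app.log"
    cat > "$d/inputs_good.conf" <<EOF
[monitor://$d/logs/app.log]
index = linux_universal_forwarder
host = linux_uf_1
EOF
    cat > "$d/inputs_placeholder.conf" <<EOF
[monitor:///path/to/app/logs]
index = linux_universal_forwarder
EOF
    cat > "$d/outputs.conf" <<EOF
[tcpout]
defaultGroup = idx
[tcpout:idx]
server = 10.0.0.5:9997
EOF
    printf '%s\n' '07-23-2023 04:35:43.000 +0000 INFO  TcpOutputProc - Connected to idx=10.0.0.5:9997, pset=0, reuse=0.' > "$d/splunkd.log"
    echo "$d"
}

# Demo against the constructed samples: the good config passes, the placeholder fails.
D=$(make_samples)
run_checks "$D/inputs_good.conf" "$D/outputs.conf" "$D/splunkd.log" || :
run_checks "$D/inputs_placeholder.conf" "$D/outputs.conf" "$D/splunkd.log" || :
# On a real forwarder, point it at the live files instead, e.g.:
#   run_checks "$SPLUNK_HOME/etc/system/local/inputs.conf" \
#              "$SPLUNK_HOME/etc/system/local/outputs.conf" \
#              "$SPLUNK_HOME/var/log/splunk/splunkd.log"
```

The placeholder case is the one the reply warns about: the stanza and index name look right, so `check_monitor` finds it, but the path is not a real file and nothing is ever read. The port check fails for 8889 because the forwarder's outputs.conf only names 9997, which is the connection that actually exists.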