Splunk Cloud Platform

I can't see the event logs on the Splunk server from the Linux forwarder even though I set up the universal forwarder

Kendrick
Observer

I can't see the event logs when I search on the Splunk Enterprise server. But I already checked that the Splunk server status is running, and I created index = linux_universal_forwarder and host = linux_uf_1 in inputs.conf on the forwarder Linux machine. I also created a new receiving port, 8889, and a new index = linux_universal_forwarder on the Splunk server. Why can't I see the logs? I am able to ping between the indexer and the forwarder. Please help: how do I fix this issue, and how do I troubleshoot it step by step? I'm a beginner learning Splunk. Thank you.

[Two screenshots attached by the poster: Kendrick_0-1690089343692.png, Kendrick_1-1690089364076.png]

0 Karma
0 Karma

richgalloway
SplunkTrust

You have an established connection between the forwarder and the indexer on port 9997 so there's no need for port 8889.

The search query (index=_internal ...) should be entered in the Splunk UI (use the "Search & Reporting" app).

The add monitor command is entered in the CLI, but the "/path/to/app/logs" argument is a placeholder (like "foo") that must be replaced by the actual file you wish to monitor.

---
If this reply helps you, Karma would be appreciated.
0 Karma
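The three things the answer above points at (the forwarder already talks to the indexer on 9997, so the extra port is irrelevant; the index named in inputs.conf has to exist on the indexer; and the monitor stanza has to name a real file, not the docs' placeholder) can be checked on the forwarder without touching a live Splunk. The script below is an added example written for this thread; it is not the poster's configuration and not Splunk's own tooling. It parses a constructed inputs.conf and outputs.conf with plain awk/sed, compares them with the receiving port and index list you supply from the indexer side, and reports each mismatch. The indexer address 10.0.0.5, the sample log line and the index list are assumptions made up for the demo.

```sh
#!/bin/sh
# Added example, not from the original thread: an offline consistency check of a
# universal forwarder's inputs.conf and outputs.conf against the indexer side.
# All files, hosts and ports below are constructed to mirror the question.

# Print the value of KEY inside the first stanza whose header starts with PREFIX.
# Usage: conf_get FILE PREFIX KEY   e.g. conf_get inputs.conf '[monitor://' index
conf_get() {
  awk -v prefix="$2" -v key="$3" '
    /^[ \t]*#/ { next }                                  # skip comment lines
    /^\[/      { in_stanza = (index($0, prefix) == 1); next }
    in_stanza && index($0, "=") {
      k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]*/, "", k)
      if (k == key) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); print v; exit }
    }' "$1"
}

# Path named by the first [monitor://...] stanza of an inputs.conf.
monitor_path() {
  sed -n 's/^\[monitor:\/\/\(.*\)\]$/\1/p' "$1" | head -n 1
}

# Port the forwarder sends to, taken from the first [tcpout:<group>] "server = host:port".
tcpout_port() {
  conf_get "$1" '[tcpout:' server | sed 's/.*://'
}

# check_forwarder INPUTS OUTPUTS RECEIVING_PORT "idx1 idx2 ..."
# Returns 0 when the forwarder config is consistent with what the indexer offers,
# 1 otherwise, printing one FAIL line per problem found.
check_forwarder() {
  status=0
  path=$(monitor_path "$1")
  case "$path" in
    ""|*/path/to/*)
      echo "FAIL: no real file in [monitor://...]; '$path' is a placeholder"; status=1 ;;
    *)
      [ -r "$path" ] || { echo "FAIL: $path is missing or unreadable by the forwarder user"; status=1; } ;;
  esac
  idx=$(conf_get "$1" '[monitor://' index)
  if [ -z "$idx" ]; then
    echo "FAIL: no index= in the monitor stanza; events would land in the default index"; status=1
  else
    case " $4 " in
      *" $idx "*) ;;
      *) echo "FAIL: index '$idx' is not defined on the indexer, so its events are dropped there"; status=1 ;;
    esac
  fi
  port=$(tcpout_port "$2")
  [ "$port" = "$3" ] || { echo "FAIL: outputs.conf targets port '$port' but the indexer receives on $3"; status=1; }
  return $status
}

# --- constructed demo mirroring the question --------------------------------
WORK=$(mktemp -d)
printf 'Jul 23 05:15:43 linux_uf_1 app[1]: started\n' > "$WORK/app.log"   # constructed log line

# The forwarder copied the docs' placeholder path literally (what the answer warns about).
cat > "$WORK/inputs.conf" <<EOF
[monitor:///path/to/app/logs]
index = linux_universal_forwarder
host = linux_uf_1
EOF
cat > "$WORK/outputs.conf" <<'EOF'
[tcpout]
defaultGroup = primary

[tcpout:primary]
server = 10.0.0.5:9997
EOF

echo "# before: placeholder monitor path"
check_forwarder "$WORK/inputs.conf" "$WORK/outputs.conf" 9997 "main _internal linux_universal_forwarder" || true

# Fixed: point the monitor stanza at the real file; index and port already match.
cat > "$WORK/inputs.conf" <<EOF
[monitor://$WORK/app.log]
index = linux_universal_forwarder
host = linux_uf_1
EOF
echo "# after: real file, matching index and port"
check_forwarder "$WORK/inputs.conf" "$WORK/outputs.conf" 9997 "main _internal linux_universal_forwarder" && echo "OK"
```

On a real forwarder the same facts come from Splunk's own CLI rather than from parsing files by hand: `splunk list forward-server` shows which indexer:port the forwarder is actually connected to, `splunk list inputstatus` shows whether the monitor input has found and read the file, and on the indexer a search of `index=_internal host=linux_uf_1` in Search & Reporting confirms the forwarder's internal logs are arriving before you chase your own data.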