Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why are Forwarder logs not generated?

I29851
Explorer
‎04-19-2022 06:13 AM

Hello all

In our environment some universal forwarders are not reporting to Splunk cloud. When I tried to view forwarder log file i.e. splunkd.log I found that for past one week no log was present in the file. What maybe the reason? Is it related to forwarder not sending logs to Splunk index?

 

Thank you

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-19-2022 06:54 AM

If the splunkd.log is not generated locally on the UF machine, it's not surprising that there are no events forwarded to the indexers. By default splunk logs its own internals to files and then ingests the entries from those files and forwards them to indexers to the _internal index. So if there is nothing to read, there's nothing to forward.

But the question is whether the splunk forwarder process is running at all.

If it's not running, you should try to find (in system-wide logs, maybe last entries in splunkd.log will shed some light) why the process was stopped.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-19-2022 06:43 AM

@I29851 

  • Are Splunk services running? (./splunk status)
  • Is permission of the file system accessible by the user who is currently running the Splunk service?

---
I could see only these 2 main reasons Splunk not generating internal logs.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...