We found missing logs and timestamp issues for AIX...

jerjer951109 · ‎09-28-2020

Our heavy forwarder is 8.0.0 and splunk server is 8.0.2 and AIX agent is 6.3.1.
AIX agent will send logs to heavy forwarder and heavy forwarder will send logs to splunk server.
We found that the splunk server cannot completely and correctly receive all the logs of AIX .

However, we cannot upgrade the AIX agent for some reasons.
is it possibly solve this problem?

The_Simko · ‎09-29-2020

You aren't without hope, but you likely are going to need an intermediate forwarder to handle this traffic.

Fire up a 7x Heavy Forwarder to act as an intermediate forwarder for this traffic.

6.3.x is in limited support, and according to the forwarder documentation, is able to send Event data (and metrics data) to 7x Splunk Indexers.

https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Compatibilitybetweenforwardersandin...

We found missing logs and timestamp issues for AIX agent

using Splunk Enterprise

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation