Hi, Splunkers:
Recently, I've migrated my indexer to search head, but I'm not very familiar with configure files. The question is, there are 4 remote inputs in Splunk web, and when I tried to remove them with role of admin, it showed me the following message:
I've used btool
to debug the configure file, but it looks like there is no such inputs that I can find and then fix them.
Any idea for this?
Why do you have conf files in /var/log
? All the conf files should be under $SPLUNK_HOME/etc/apps...
OR $SPLUNK_HOME/etc/system/...
Perhaps you're referring to log files sitting on remote hosts that get picked up by the forwarder? If so, these aren't conf files, and you can easily ssh into the box and remove those log files if you wish
Why do you have conf files in /var/log
? All the conf files should be under $SPLUNK_HOME/etc/apps...
OR $SPLUNK_HOME/etc/system/...
Perhaps you're referring to log files sitting on remote hosts that get picked up by the forwarder? If so, these aren't conf files, and you can easily ssh into the box and remove those log files if you wish
I had tried to configure these remote inputs to another index in splunk web but it looks like no use.
Hi, skoelpin:
I means that I had configured to collect log files via splunk web but it was in the incorrect index so I want to remove these remote inputs but I can't. So I want to remove these in configure files. ^_^