Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I can't collect logs in splunk GUI after splunk configuration

pacifikn
Communicator
‎01-13-2020 10:43 PM

Hello!!!!

I can't collect logs in Splunk after Splunk configuration
I have done all configuration but I still not getting logs in Splunk?

  1. I verified that logs come from Syslog sender are well received, and also doing Splunk configuration

when I search index=* I can't find index=xxxx expected, why? where can I check and fix this??

  1. Other issues, is that I get a message that says, msg=A script exited abnormally with exit status:1" input=".$SPLUNK_HOME/etc/apps/splunk_instrumentation/bin/instrumentation.py" stanza=" default" -->the error identified by health check, how to fix this?

Kindly help me on the above issues, thank you

0 Karma
Reply

pacifikn
Communicator
‎01-19-2020 09:40 PM

Hi Jawaharas! the issue was fixed, The issue was lack of available storage on the /opt partition that received all logs from Syslog sender on the Splunk Management node, This caused the Splunk Forwarder to stop working, the issue was managed and fixed. everything is fine now. Thank you a lot for your kind help!

0 Karma
Reply

jawaharas
Motivator
‎01-20-2020 03:10 PM

I'm glad you figured it out.

0 Karma
Reply

jawaharas
Motivator
‎01-19-2020 08:37 PM
  1. How do you verified that logs come from Syslog sender are well received?
  2. What Splunk configuration performed?
  3. Is the UDP port open (in Splunk) for the syslog servers?
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...