I deploy a universal forwarder on SUSE Linux server, and monitor a log file. This forwarderforwards data to an indexer. We found that sometimes we can't search some logs which were added to the l...
...an you please share the troubleshooting steps for the forwarder? Can forwarder log files help us pin point - if forwarder at all sending the events toIndexer?
...m unable to find these events being indexed on the indexer.
The forwarder is able toforward other events. I have a similar monitor set up to watch the /var/log/maillog file, and I find these e...
...unning on the indexer, the Splunk forwarder in question is "missing".
Please help us diagnose our problem as we have a demo to a customer tomorrow.
thank you
how to fix this error , "WARN TcpOutputProc - Forwarding toindexer group GSOC blocked for 9500 seconds". I cant receive security logs or any logs from my DC Servers, I am using SUF version 6 on a d...
I have a ticket in with support but this may be faster.
My intermediate forwarder is not working right. When I restart it, everything works for a few minutes then stops working. I have checked e...
Hello,
I have a doubt with respect to the below stanzas in Heavy forwarder and indexers. Will the below stanzas ensures SSL authentication only OR it will encrypt the communication as well? If i...
When I try to add my indexerto the configuration of my linux box where I have installed the universal forwarder, it errors on authentication.
This is on Splunk 5.0, and the Splunk server (indexer...
...f our Universal Forwarders reads and forwards.
I know the data is not getting to the Indexer (or at least is not getting indexed).
Is there a best practice for determining whether or not data is a...