...ound I was getting no log events at all. So I commenced troubleshooting.
First I checked to see if the indexers were receiving data by running tcpdump and I saw the logs and metrics coming over the w...
sourcetype = metrics
alwaysOpenFile = 1
recursive = false
Simple inputs.conf above, tried crcSlat and alwaysOpen. Now if I put this monitor on a Forwarder, the events are quickly indexed. I...
...ocumentation suggests that If using Splunk_TA_nix, I should enable metricsinputswith the following: [script://./bin/vmstat.sh]
interval = 60
sourcetype = vmstat
source = vmstat
# index = os
disabled = 0...
...ssue, but when the cron tried to run, it doesn't appear to post any data into the index. I upped the run interval, for one of the inputs to run at 1-59/5 * * * * and the other at */5 * * * * When I c...