×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
emechling
New Member
Member since: ‎12-12-2018
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-12-2018
View All

Re: Why can't I see my new forwarder in the Splunk...

by in Getting Data In
‎12-13-2018 02:28 AM
‎12-13-2018 02:28 AM
Sorry, I was wrong. My clients do not appear by going to splunk-> settings -> forwarders. But the sources are well listed by going over the summary of the data in the search part of splunk. Thanks. ... View more

Re: Why can't I see my new forwarder in the Splunk...

by in Getting Data In
‎12-13-2018 01:12 AM
‎12-13-2018 01:12 AM
I can telnet to that port from client from the network and from that linux client. Receiving is enabled and the port not blocked. Otherwise 2 Windows forwarders works and are connected to the server. The connection is established in TCP. ... View more

Why can't I see my new forwarder in the Splunk UI?

by in Getting Data In
‎12-12-2018 05:23 AM
‎12-12-2018 05:23 AM
Hello, I'm a new Splunk user. I have configured a Splunk server with 2 Windows forwarders. Now, I want to set up a Linux forwarder in order to send log messages from /var/log/syslog. I downloaded and installed the Splunk forwarder to the client. Then i use the commands : [root]# /opt/splunkforwarder/bin/splunk start --accept-license [root]# /opt/splunkforwarder/bin/splunk add forward-server 192.168.107.15:9997[root]# /opt/splunkforwarder/bin/splunk add monitor /var/log/syslog/ Added monitor of '/var/log/syslog'. [root]# /opt/splunkforwarder/bin/splunk list forward-server Active forwards: 192.168.107.15:9997 Configured but inactive forwards: None I restarted both the server and the client, however I can't see any new forwarder in the Splunk UI. Here my client's splunkd.log : 12-12-2018 12:21:13.435 +0100 INFO TcpOutputProc - Connection to 192.168.107.15:9997 closed. Connection closed by server. 12-12-2018 12:21:13.436 +0100 WARN TcpOutputFd - Connect to 192.168.107.15:9997 failed. Connection refused 12-12-2018 12:21:13.436 +0100 ERROR TcpOutputFd - Connection to host=192.168.107.15:9997 failed 12-12-2018 12:21:13.436 +0100 WARN TcpOutputProc - Applying quarantine to ip=192.168.107.15 port=9997 _numberOfFailures=2 12-12-2018 12:21:33.742 +0100 INFO TcpOutputProc - Removing quarantine from idx=192.168.107.15:9997 12-12-2018 12:21:33.745 +0100 INFO TcpOutputProc - Connected to idx=192.168.107.15:9997, pset=0, reuse=0. root@srv-virtuel2:~# netstat -ano | grep 9997 tcp 0 0 192.168.107.2:49408 192.168.107.15:9997 ESTABLISHED off (0.00/0/0) inputs.conf (client): [default] host = srv-virtuel2 [monitor:///var/log/syslog] _TCP_ROUTING = default-autolb-group outputs.conf (client): [tcpout] defaultGroup = default-autolb-group [tcpout:default-autolb-group] server = 192.168.107.15:9997 [tcpout-server://192.168.107.15:9997] Can you help me ? Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM