Hi Giuseppe,
Yes, I have read the basic documentation and watched some of the videos. I installed the Splunk universal forwarder on one of the clients and set the forwarding data using the command; I also configured the inputs and outputs.conf.
./splunk add monitor /var/log/syslog -sourcetype systemlog
Unfortunately, the data is not routing to the Splunk server. On the Splunk web interface, the messages are as follows:
"The TCP output processor has paused the data flow. Forwarding to output group default-autolb-group has been blocked for 10 seconds. This will probably stall the data flow towards indexing and other network outputs. Review the receiving system's health in the Splunk Monitoring Console. It is probably not accepting data. Learn more."
"Now skipping indexing of internal audit events, because the downstream queue is not accepting data. Will keep dropping events until data flow resumes. Review system health: ensure downstream indexing and/or forwarding are operating correctly. "
Please suggest.