on the following host : FreeBSD localhost 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 i386 splunk universal forwarder is giving this error: ./splunk start Splunk> The IT Search Engine. Checking prerequisites... Checking mgmt port [8089]: open Unexpected EOF from process runner child! SSL certificate generation failed. Any thoughts ? ... View more

Hello: I am very new to splunk - I have configured a lightforwarder to forward syslogs to splunk collector on a specific port which has its own indexer. I am not sure if _internal index is also getting indexed with my custom syslog index ? I am seeing entires such as this, first entry is clean while subsequent entires are getting padded (below reverse chronological order): # 12/22/10 1:12:49.000 PM _internal\x00\x00\x00\x00\x14MetaData:Sourcetype\x00\x00\x00\x00\x13sourcetype::fwd-hb\x00\x00\x00\x00\x10MetaData:Source\x00\x00\x00\x00\xFsource::fwd-hb\x00\x00\x00\x00\x00\x00\x00\x00\x5_raw\x00\x00\x00\x1\xCC\x00\x00\x00\xB\x00\x00\x00\x5_raw\x00\x00\x00\x00LDec 22 13:12:49 localhost user: I am running as root again and again * host=localhost Options| * sourcetype=syslog Options| * source=tcp:5140 Options # 2 12/22/10 1:12:33.000 PM \x00\x00\x1\xC2\x00\x00\x00\xB\x00\x00\x00\x5_raw\x00\x00\x00\x00BDec 22 13:12:33 localhost user: I am running as root again * host=localhost Options| * sourcetype=syslog Options| * source=tcp:5140 Options # 3 12/22/10 1:12:07.000 PM Dec 22 13:12:07 localhost user: I am running as root Any thoughts/help would be great. Thanks Dev ... View more