Hello,
My problem is that the data I send with the forwarder does not reach splunk.
Here is how I configured the forwarder
First, I started the forwarder
./splunk start in $Splunk_Home/bin
Second, I configure the forwarder to connect to a receiving indexer and configure to connect to a deployment server and try
./splunk add forward-server Ip_of_splunk:9997
./splunk set deploy-poll Ip_of_splunk:8089
Third, I have configured inputs.conf to enter the logs I wanted to retrieve
[monitor:///var/log/secure.log]
index = logcentos
sourcetype = secure
[monitor:///var/log/httpd/access.log]
index = logapache
sourcetype = acces_log
Four, I configured the firewall
firewall-cmd --zone=public --add-port=9997/tcp --permanent
firewall-cmd --reload
Five, I restarted the forwarder
./splunk restart in $Splunk_Home/bin
when the restart is finished, I'll check the splunk web page and I see that nothing happened about the indexes I just configured.
I check that I didn't make any mistakes when I wrote the names of the indexes but no there is no mistake
I check if the forward-server is "active" and yes is active
So I don't know what the problem is because I have the "same" configuration as for a forwarder in windows which works
Thank you in advance for helping me find solutions
... View more