Background Information:
Currently on a 60 day trial of Splunk Enterprise
Splunk Enterprise is running on Debian Wheezy
Splunk Enterprise Version 6.2.2
Splunk Universal Forwarder on (5) Debian Wheezy Host
Splunk Universal Forwarder on (1) Windows 8.1 Host
Splunk Universal Forwarder Version 6.2.2
Deploy Poll: 8089
Forward Server: 9997
We are having trouble with the "Splunk Add-on for Unix and Linux" (https://splunkbase.splunk.com/app/833/), as we are unable to get log data from our Debian Hosts to the indexer without manually adding the log location from the "Add Data" Process. None of the predefined inputs work, and we are unable to index the "File and Directory Inputs" or the "Scripted Inputs" as listed in the "Splunk Add-on for Unix and Linux" Setup page. We have tried installing the forwarder on various hosts within the infrastructure, uninstalling the forwarders & reinstalling forwarders on the Debian hosts, uninstalling & reinstalling the "Splunk Add-on for Unix and Linux", & nothing we have attempted has fixed the problem we seem to have.
In contrast, the "Splunk Add-on for Microsoft Windows" works perfectly with the Windows 8.1 host, and we were able to get the log data indexed & it is currently searchable. All of the predefined inputs work as advertised and we don't have any issues.
We are lost & looking for answers. Any help is appreciated, & I can provide more details if needed.
Thomas