Thanks for the clear explanation.
Yes, you are right, I have a Splunk stand-alone server. When I search using index=_internal host= it does not show the host.
I guess telnet is the problem; telnet does not work from the target server. I have added a firewall rule on the Splunk server and the forward server, but it still does not work. Any idea on this?
iptables -A INPUT -p tcp -m tcp --dport 9997 -j ACCEPT
But when I run /opt/splunkforwarder/bin/splunk list monitor, it shows:
Monitored Files:
$SPLUNK_HOME/etc/splunk.version
/var/log/apache2/access.log
/var/log/apache2/error.log
var/log/apache2
I am not sure what the problem is.