×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cssean
Explorer
Member since: ‎10-08-2013
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎10-08-2013
View All

Re: How to tell if a universal-forwarder is "caugh...

by in Getting Data In
‎10-15-2013 01:13 PM
‎10-15-2013 01:13 PM
@MuS: I have implemented this solution but I seem to have a problem. Even after the files are no longer written to (multiple calls result in the same "file size" and "file location" values), the "type" never changes to "finished reading". Am I misunderstanding something here? ... View more

Re: How to tell if a universal-forwarder is "caugh...

by in Getting Data In
‎10-09-2013 10:33 AM
‎10-09-2013 10:33 AM
This is exactly what I needed. Thanks for the endpoint and explanation. ... View more

How to tell if a universal-forwarder is "caught up...

by in Getting Data In
‎10-08-2013 10:43 PM
1 Karma
‎10-08-2013 10:43 PM
1 Karma
We have universal forwarders set up on some machines which are part of an auto-scale group in EC2. In some cases the group scales up during peak load. These auto-scale events are somewhat rare, but often times leave us with more instances running than we need once things simmer down. To combat this, we are devising a way to terminate instances during our low load times. We can terminate the application that is writing the logs and tell Amazon to terminate the instance. But we need to be sure that the forwarder is "caught up", meaning it has reached the end of each of its monitored files. Is there a way to tell (other than tcpdump or similar) whether the forwarder is still doing anything? This would need to be a scriptable solution so no human intervention is required. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All