I am trying to get my Ubuntu instance on VirtualBox to ingest my mac's system logs and performance data as remote logs. I already installed the add-on for linux and unix and configured the forwarding host as 10.0.2.255:9997 on my Mac and receiving port as 9997 on the Ubuntu instance.  I edited the input.config of the add-on for linux and unix and enable all the metrics and put the 'index = mac' on every one of them. I already added the index 'mac' for the admin on the ubuntu instance. However, when I searched 'index = mac' on the ubuntu instance, there is no data.  Is there something important that I am missing? Any help would be appreciated as this is really important as this will determine whether I will have the opportunity. Many thanks! ... View more

Trying to monitor the performance data on MacOS and downloaded Splunk Add-on for Unix and Linux  After clicking 'save' for setting on Splunk Enterprise Web, it shows the page that says 'Safari Can't Connect to the Server  Safari can't open the page "localhost:8000/en-US/app/Splunk_TA_nix/ta_nix_configuration" because Safari can't connect to the server "localhost".' Please find the attached for reference Any help would be appreicated! Thanks!   ref: https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/About https://splunkbase.splunk.com/app/833/ https://lantern.splunk.com/hc/en-us/articles/360048491734-Operating-system-performance-data- ... View more

Trying to monitor the performance data on MacOS and downloaded Splunk Add-on for Unix and Linux  After clicking 'save' for setting on Splunk Enterprise Web, it shows the page that says 'Safari Can't Connect to the Server  Safari can't open the page "localhost:8000/en-US/app/Splunk_TA_nix/ta_nix_configuration" because Safari can't connect to the server "localhost".' Please find the attached for reference Any help would be appreicated! Thanks! ... View more

However, so far, I can't derive anything meaningful for building the dashboards. I would like to set Splunk to monitor the host operating systems logs files and/or performance data on macOS. I get data in from sources including '/var/log' and '/Library/Logs' but don't see anything meaningful from the data with certain field values filtered. I would also like to monitor the performance data but not sure where they locate at or how to filter the values. Any help would be appreciated! Thanks! System Log Folder: /var/log System Log: /var/log/system.log Mac Analytics Data: /var/log/DiagnosticMessages System Application Logs: /Library/Logs System Reports: /Library/Logs/DiagnosticReports User Application Logs: ~/Library/Logs (in other words, /Users/NAME/Library/Logs) User Reports: ~/Library/Logs/DiagnosticReports (in other words, /Users/NAME/Library/Logs/DiagnosticReports) ... View more

First time installing Splunk. I tried to reinstall the Splunk and web server is still not starting. I also need to change the mgmt port number as the previous one is still using the default port and I have no idea how to disable the previous session.    ./splunk start   Splunk> Winning the War on Error   Checking prerequisites... Checking mgmt port [8111]: open Checking conf files for problems... Done Checking default conf files for edits... Validating installed files against hashes from '/Applications/splunkforwarder/splunkforwarder-8.1.2-545206cc9f70-darwin-64-manifest' All installed files intact. Done All preliminary checks passed.   Starting splunk server daemon (splunkd)...   Done   bin % ./splunk cmd btool web list --debug | grep startwebserver /Applications/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/web.conf startwebserver = 0 ... View more