Hi Guys, I installed Splunk add-on for apache web server on my UF and configured as per the documentation. I am able to see logs in my indexer but facing issue with the "tags". Only "web" and "error" tags are being generated. No data is displayed when i run data validation search: tag=web tag=inventory tag=activity sourcetype=apache:access OR tag=web tag=inventory tag=activity sourcetype=apache:error Below are the configuration files : cd /opt/splunkforwarder/etc/apps/Splunk_TA_apache cat inputs.conf -bash-4.2$ cat inputs.conf [monitor:///var/log/httpd/error_log*] sourcetype=apache:error index=webserver disabled = 0 [monitor:///var/log/httpd/access_log*] sourcetype=apache:access:kv index=webserver disabled = 0 I have only one config file "inputs.conf" in the above path. NOTE: I need this app to work fine in order to use it with Splunk ITSI web server module. PLEASE HELP!
... View more
I have installed the Splunk add-on for Unix and Splunk App for Unix on the same Splunk Enterprise instance for testing purposes. The scripts are beings monitored correctly with the right index on path : /opt/splunk/etc/apps/Splunk_TA_nix/local/inputs.conf The index and sourcetypes are mentioned correctly in Splunk App for Unix GUI : Settings > Your Data I am unable to view data in Metrics dashboard of Splunk App for Unix, its showing "No results found". I am able to search and query cpu, disk and other metrics successfully through a search. Can anyone please help?
... View more