I am running a Linux box as an indexer and have multiple servers feeding data back to the index. The issue I am having is a simple one, but I cannot find a very straightforward answer. Forgive me if this question has been answered, but I have only been successful in finding variations of the question. I have 4 Unix boxes that I have the new universal forwarders set up on. The initial setup went smoothly and the data is being fed into the deployment manager. Since there is no browser interface, I need to install the *nix app via the terminal. What is the correct syntax to accomplish this? The only data I am receiving from my forwarders is Splunk information.
example:
03/18/2011 19:30:00, search_name="All indexers - regenerator", search_now=1300503600.000, info_min_time=1300501800.000, info_max_time=1300503600.000, info_search_time=1300503640.924, avg_age=0, indexQ_percentage=0, kb="2420.735356", my_splunk_server="access-root", parseQ_percentage=0, report="\"DM indexer summary index\""
I was hoping to install the *nix app in order to collect more important data such as syslogs, without having to manually forward them, since this is something the forwarder should do.
Any help would be appreciated.
Thanks,
Miguel