About akgmail

akgmail · ‎06-10-2022

If I am say adding a text "hello world" to test_new.html and saving it I am getting data in splunk. However if I am doing vi test_new.html and saving the file I am not getting any data in splunk. It seems to be weird issue .

akgmail · ‎06-10-2022

Hi , Thanks for your response. Yes I have restarted UF agent multiple times. I have check the logs index=_intenal host="uf_agent" source=splunkd I have not seen any ERROR. I tested it again as I added a line to the test_new.html I can see the data immediately.

akgmail · ‎06-09-2022

The test_new.html is getting update every 4 hours.The html file may or maynot have same number of lines. The data is only coming immediately when I am adding say test data into the html file. That means the data flow is not an issue. I am expecting it to send me data as and when timestamp of the file changes. Need your suggestions on the same. I have done below configuration In UF agent I have added inputs.conf as [monitor:///root/splunkstorage/test_new.html] disabled = false index = test_normal sourcetype = test:global:testnew:html crcSalt = <SOURCE> In the indexer I have props.conf [test:global:testnew:html] DATETIME_CONFIG = CURRENT CHECK_METHOD = modtime LINE_BREAKER = (<html><body>) NO_BINARY_CHECK = true SEDCMD-addvalues = s/<head>/<html><body>\n<head>/g TRUNCATE = 0 category = Custom disabled = false pulldown_type = true

akgmail · ‎05-18-2022

The email alert says ERROR occurred while generating the PDF. Please see pyhton.log for details. As it is older issue unable to locate the logs in splunk. what could be issue here?

akgmail · ‎05-16-2022

Hi @richgalloway Thanks for your response. When I run the command ./splunk list monitor in my uf I am able to see the input i.e. I get the expected file path. few steps that I tried from my end. I appended the files at same location for AMER,APAC and Emea-non-ngdc, I can see the appended changes reflecting in the splunk sh but still not getting data from Emea-non-ngdc.

akgmail · ‎05-05-2022

The script is producing output when i run the script located at /opt/splunkforwarder/etc/apps/custom_app/bin in UF but it is not sending data to HF. UF is configured in a way that it forwards data to HF and then to IDXer.

akgmail · ‎05-05-2022

Please find the details requested by you. Inputs.conf [monitor:///directoryname/region_202*] disabled = 0 index = custom_normal sourcetype = custom_test permissions for this file -rw-r--r-- 1 nobody nobody 1388 May 1 20:50 no error in splunkd.log wrt to this application. Can you elaborate a little more wrt to ->Are the UFs internal logs being sent to the indexers?

akgmail · ‎05-05-2022

A script is running fine in the UF agent but is not sending data to indexer. The UF agent is forwarding data to HF then to IDX.

akgmail · ‎05-05-2022

Pease find the details requested by you. Inputs.conf [monitor:///directoryname/region_202*] disabled = 0 index = custom_normal sourcetype = custom_test permissions for this file -rw-r--r-- 1 nobody nobody 1388 May 1 20:50 no error in splunkd.log wrt to this application. Can you elaborate a little more wrt to ->Are the UFs internal logs being sent to the indexers?

akgmail · ‎05-05-2022

The csv files are getting forwarded from a linux UF agent to splunk as and when it is created ie. 2:50 CET time. For a file getting created at 2:50 CET time on the same uf agent is not reflecting in the splunk. The inputs.conf file of the app is not having any intervals configured.

akgmail · ‎04-01-2022

Scripted input not showing up in search results, but is running fine in server

Posts	12
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎04-01-2022

Online Status	Offline
Date Last Visited	‎06-13-2022 04:36 AM

Why is there an issue with monitoring log file mon...

Why does the email alert says ERROR occurred whil...

A script is running fine in the UF agent but is no...

Why is UF agent unable to send data for a csv file...

Why is scripted input not showing up in search res...

Re: Issue with monitoring log file monitoring