Dear All, Unable to send data from universal forwarder, to Splunk Enterprise i have minimal knowledge in Splunk  I'm trying to configure universal forwarder but unable to success could you please help me in this regards Please find the below my configurations i am using Splunk Enterprise 9.0 and universal forwarder version 9.1.1using Cent OS 7.0 inputs.conf [root@Universalforwarders local]# [monitor:///var/log/messages] index=os disabled=0 outputs.conf [root@Universalforwarders local]# [tcpout] defaultGroup = default-autolb-group [tcpout:default-autolb-group] [server://192.168.122.1:9997]   i used following command to check port status: netstat -an | grep 9997 tcp     0     0   0.0.0.0:9997   0.0.0.0:*   LISTEN localhost.localdomain --- my Splunk enterprise instance 127.0.0.1 --- my Splunk Universal forwarder   i want to know where i am doing mistake would be appreciate your kind support thanks in advance             ... View more

Hi splunkers, I would like to inform you that i am using below geostat spl, but i am unable to get result can anyone help me please where i am doing mistake i have chosen .csv file source type when i am trying to get spl result it says no data found index="main" | geostats latfield=vendorlatitude longfield=vendorlongtitude count by vendorcountry Would be appreciate your kind support. thanks in advance ... View more

Dear Splunkers, I would like to inform you that, I am very curious to learn splunk admin, can anyone refer me good YouTube channel or any other online institute moreover If possible please provide me list of topics available in splunk admin course Would be appropriate your kind support Thanks in advance.. ... View more