About dmpopof

dmpopof · ‎08-31-2018

Question: why is /var/log/messages not forwarded to index? My deployment: UF: version 7.1.2 RHEL 6.10 /opt/splunkforwarder/etc/apps/_server_app_linux-server/local/inputs.conf [monitor:///var/log] disabled = false index = linuxlog sourcetype = syslog etc/apps/_server_app_linux-server/local/app.conf # Autogenerated file [install] state = enabled splunk list monitor Monitored Directories: ... /var/log ... /var/log/messages /var/log/messages-20180805 /var/log/messages-20180812 /var/log/messages-20180819 /var/log/messages-20180826 ll /var/log/messages -rw-r-----+ 1 root root 1160093 Aug 30 12:07 /var/log/messages -rw------- 1 root root 653 Aug 5 02:37 /var/log/messages-20180805 -rw------- 1 root root 580 Aug 12 02:05 /var/log/messages-20180812 -rw------- 1 root root 19310 Aug 19 02:42 /var/log/messages-20180819 -rw------- 1 root root 728770 Aug 26 02:05 /var/log/messages-20180826 Deployment server version 7.1.2 CentOS 7.5.1804 Search head version 7.1.2 CentOS 7.5.1804 search: index="linuxlog" source="/var/log/messa*" where is no "/var/log/messages" in sources!

dmpopof · ‎01-29-2018

I have same situation. But I can ping and telnet 8089 my deployment server from forwarder host and I have same error in var/log/splunk/splunkd.log on forwarder side. How can I do further troubleshooting?

Posts	2
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎01-29-2018

Online Status	Offline
Date Last Visited	‎12-25-2020 07:25 AM

Why can't my UF send data from /var/log/messages?

Why can't my UF send data from /var/log/messages?

Re: How to resolve "err=not_connected" error in De...