Yeah, I tried the other two methods as well. But I'm not able to get my files to Splunk.
When I try the second method, this is the error which I get:
[root@fr0-1z00-10 bin]# ./streamfwd -r /mnt/Data/Pcapfiles/bfd-raw-auth-simple.pcap
08:01:15.421 INFO stream.CaptureServer - Found DataDirectory: /opt/splunk/etc/apps/Splunk_TA_stream/data
08:01:15.421 INFO stream.CaptureServer - Found UIDirectory: /opt/splunk/etc/apps/Splunk_TA_stream/ui
08:01:16.319 FATAL stream.main - Failed to start streamfwd, the process will be terminated: Unable to ping server (c060ec11-3abe-4858-bd1b-25edb89f02f5): Unable to establish connection to localhost: Connection refused
Regarding the third method, I've appended my streamfwd.conf with the following contents, and I've performed a restart, but there was no success:
[streamfwd]
streamfwdcapture.0.offline = true
streamfwdcapture.0.interface = /mnt/Data/Pcapfiles
However, I suspect the issue might be in how I have installed my Stream App.
I haven't performed an SSL certification. Is it because of that? Moreover, I have installed the app from my Splunk UI, which I run on my Windows PC, but I have actually installed Splunk on my Linux machine.
I log in to the Linux machine using SSH.