How to get the diag files with debug files of the ...

raghunandan1 · ‎02-15-2024

Log ingesting intermittently We could not find the path referenced . We have Univerasal forwarder is Windows server and Heavy forwarder is *nix server. How to get the diag files with debug enable of the UF and the HF?

Can you please provide the detailed explanation with commands

SanjayReddy · ‎02-15-2024

Hi

you can enable debug mode for splunkd.log file before taking diag.

Enable debug logging on all of splunkd.log

Splunk software has a debugging parameter (--debug) that you can use when you start Splunk software from the CLI in *nix. This command outputs logs to the $SPLUNK_HOME/var/log/splunk/splunkd.log file.

This option is not available on Windows. To enable debugging on Splunk software running on Windows, enable debugging on a specific processor. See Enable debug logging in Splunk Web or Enable debug logging using log.cfg.

Navigate to $SPLUNK_HOME/bin.
Stop the Splunk platform instance, if it is running.
Save your existing splunkd.log file by renaming it, like splunkd.log.old.
Restart the instance in debug mode with splunk start --debug.
When you notice the problem, stop the instance.
Move the new splunkd.log file elsewhere and restore the old file.
Stop or restart the instance normally (without the --debug flag) to disable debug logging.
Not all messages marked WARN or ERROR indicate actual problems with Splunk software; some indicate that a feature is not being used.

for splunk diag run following command

*nix example Windows example
./splunk diag
splunk diag

@raghunandan1

How to get the diag files with debug files of the UF and the HF?

heavy forwarder

intermediate forwarder

Linux

modular input

universal forwarder

Windows

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...