I have looked around for an answer to this so I feel confident that no one will be shouting for me to use the search feature.
I have been setting up several servers to all report via syslogd to a central reporting server. Everything works great and I confirmed this by tail -f /var/log/syslog (or whichever is your default log file that everything gets funneled into).
When I start splunk... ./splunk start I notice that the log files stop scrolling. I get no data into these log files until I kill the splunkd process. I have confirmed this several times by starting splunk and then later killing the splunkd process; the moment I stop it my logs start scrolling again, recording all the data just like they should.
The only lead I have right now is something about splunk having its own syslogd server built in... Is there a config file I have to edit in splunk that maybe tells the incoming log messages where to go like my current /etc/rsyslog.d/50-default.conf ?
Or am I missing something simple here?
~Matt