Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is Universal Forwarder not forwarding? Standard install and all default configuration.

neiljpeterson
Communicator
‎12-05-2013 01:13 PM

My installation of the Spunk is right out of the box, standard. I followed all the documentation to the letter, used all recommended settings, groups, names, ports, etc.

In the Splunk interface I configured receiving to listen to 9997. And I installed the Deployment Monitor app.

I installed the Universal Forwarder on a remote host and selected all the inputs and a directory with a log file. All other the defaults used (also using 9997)

I verified that the server is reachable and listening on the correct port from the remote host.

After all this the Deployment monitor still says No forwarders and no data is available in search.

What am I missing here?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

neiljpeterson
Communicator
‎12-05-2013 02:16 PM

So I found that the host I was trying to receive data from had been set (possibly inadvertently by me or perhaps by someone else >:|) as another indexer to also send data to. I guess this caused a conflict in some way?

After I removed that configuration and restarted Splunk the host's data is now showing up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

neiljpeterson
Communicator
‎12-05-2013 02:16 PM

So I found that the host I was trying to receive data from had been set (possibly inadvertently by me or perhaps by someone else >:|) as another indexer to also send data to. I guess this caused a conflict in some way?

After I removed that configuration and restarted Splunk the host's data is now showing up!

0 Karma
Reply
Solved! Jump to solution

lukejadamec
Super Champion
‎12-05-2013 04:57 PM

Beware the 'other' admins.

0 Karma
Reply
Solved! Jump to solution

lukejadamec
Super Champion
‎12-05-2013 01:55 PM

Restart the forwarder from a cmd window (run as admin) with the "c:\program files\splunkuniversalforwarder\bin\splunk.exe restart" command and look for errors. If there are none, then shortly after the restart look for errors in the splunk\var\log\splunk\splunkd.log file.

0 Karma
Reply
Solved! Jump to solution

neiljpeterson
Communicator
‎12-05-2013 01:34 PM

During the installation of UF? Yes I did, I selected all of them and a log file. Changed the post to reflect this.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎12-05-2013 01:31 PM

Did you actually add any inputs for the UF to read data from?

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...