Getting Data In

Forwarder is not forwarding all the files in directory.

kmisaal
New Member

I have configured a forwarder on Linux and receiver on different Linux box.

After restarting the forwarder I can see only the latest file got forwarded and on receiver only one file is indexed.

However I can see on forwarder there are multiple files got indexed. The data input for forwarder is "monitor file and directory" with the path of logs directory.

This logs directory has multiple log files.

Please let me know why forwarder is not forwarding all the files.

Tags (1)
0 Karma

LCM
Contributor

Hard to guess what the problem could be since a part got forwarded though!

Can you investigate following:

  • in the directory you're monitoring: create a new "dummy" file wich consist eg. "Hello World" (does that work - is it being indexed - can you see it on the receiver box)
  • modify one of the existing file with a new entry
  • check splunkd.log
  • netstat -a (although that should work 😉 )
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...