Hi All,
Trying to get the forwarder working on the nagios host, but not getting data on the splunk server.
My outputs.conf is as this:
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 10.64.91.15:9997
[tcpout-server://10.64.91.15:9997]
My inputs.conf looks like this:
[monitor:///usr/local/nagios/var/nagios.log]
disabled = false
host = 10.64.91.15
sourcetype = nagios
index = nagios
10.64.91.15 = splunk server, 10.64.91.10 = nagios server
Firewall is disabled, and I followed the instructions except for pnp4nagios.
Using the latest Splunk version on CentOS 6.5.
Any comments / ideas?
Okay, followed some directions on another page and it seemed that I had to make a TCP listener on port 9997. Receiving nagios log data now 🙂
Second is that my inputs.conf was wrong. The IP address or server name seems to be the name of the sending/forwarding server.
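
The two fixes described in the post, as an added check that is not part of the original post or of Splunk itself: it reads the forwarder's outputs.conf and inputs.conf plus the receiver's inputs.conf and reports a missing listener or a `host` value that points at the receiver. The function names, the constructed receiver file and the `[splunktcp://9997]` listener stanza shown here are assumptions for illustration.

```python
import configparser

def parse_conf(text):
    """Parse Splunk .conf text, keeping stanza names and keys verbatim."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def check_forwarding(fwd_outputs, fwd_inputs, rcv_inputs):
    """Return findings for the two problems described in the post."""
    out, fin, rin = (parse_conf(t) for t in (fwd_outputs, fwd_inputs, rcv_inputs))
    # Every host:port the forwarder is configured to send to.
    targets = {s.strip() for name in out.sections() if name.startswith("tcpout:")
               for s in out[name].get("server", "").split(",") if s.strip()}
    # Ports on which the receiver has a splunktcp listener stanza.
    listening = {name.rsplit(":", 1)[1].lstrip("/") for name in rin.sections()
                 if name.startswith("splunktcp:")}
    findings = []
    for target in sorted(targets):
        port = target.rsplit(":", 1)[1]
        if port not in listening:
            findings.append(f"receiver has no [splunktcp://{port}] listener for {target}")
    # host= on a monitor stanza labels the events, so it should name the sender.
    receiver_hosts = {t.rsplit(":", 1)[0] for t in targets}
    for name in fin.sections():
        host = fin[name].get("host", "").strip()
        if name.startswith("monitor://") and host in receiver_hosts:
            findings.append(f"[{name}] host = {host} is the receiver, not the sender")
    return findings

# Forwarder files as posted above.
POSTED_OUTPUTS = """[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 10.64.91.15:9997
"""
POSTED_INPUTS = """[monitor:///usr/local/nagios/var/nagios.log]
disabled = false
host = 10.64.91.15
sourcetype = nagios
index = nagios
"""
# Constructed: the same monitor stanza with host set to the nagios server.
FIXED_INPUTS = POSTED_INPUTS.replace("host = 10.64.91.15", "host = 10.64.91.10")
# Constructed: receiver inputs.conf with a listener on the forwarding port.
RECEIVER_INPUTS = "[splunktcp://9997]\ndisabled = false\n"
if __name__ == "__main__":
    print(check_forwarding(POSTED_OUTPUTS, POSTED_INPUTS, ""))
    print(check_forwarding(POSTED_OUTPUTS, FIXED_INPUTS, RECEIVER_INPUTS))
```

A wrong `host` value matters beyond this setup: every nagios event would be indexed as if it came from the Splunk server, which breaks per-host searches and alerting.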