Hello,
We’re trying to configure forwarding of all the Apache logs on a Windows server using the EnterpriseForwarder.
What we have already in the C:\Program Files\SplunkUniversalForwader\etc\apps\Splunk_TA_Windows\local\inputs.conf is:
[Monitor://C:\Apache2.2\logs]
disabled = 1
We have tried multiple sourcetype = entries but unable to see any logs being forwarded.
Please advise, thanks.
I've managed to resolve the issue by changing the config to:
[monitor://C:Apache2.2logs]
disabled = false
Changed the = 0 to false wording.
Thanks for your help
I've managed to resolve the issue by changing the config to:
[monitor://C:Apache2.2logs]
disabled = false
Changed the = 0 to false wording.
Thanks for your help
Is the disabled attribute really set to 1? If it is then the input is marked as disabled. It needs to be set to 0 (zero) for the input to be enabled.
Hi,
It's set to 0 at present, the config for A/P is set as:
[Monitor://C:Apache2.2logs]
disabled = 0
Have we got the correct config for it?
Thanks
is the path correct? which inputs.conf
did you modify? what did you see if you run $SPLUNK_HOME\bin\splunk cmd btool inputs list monitor
on the forwarder?
Hi Benlavender,
have you configured data forwarding on the universal forwarder http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Configureforwarderswithoutputs.confd as well did you enable receiving on the indexer http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Setupforwardingandreceiving ?
hope this helps ...
cheers, MuS
Hi yep, we have other servers forwarding data to our syslog server successfully in the same way, we’re just having issues forwarding Apache logs.