Getting Data In

Why are Apache logs on a Windows server not forwarding with our universal forwarder configuration?

Benlavender
Explorer

Hello,

We’re trying to configure forwarding of all the Apache logs on a Windows server using the EnterpriseForwarder.

What we have already in the C:\Program Files\SplunkUniversalForwader\etc\apps\Splunk_TA_Windows\local\inputs.conf is:

[Monitor://C:\Apache2.2\logs]
disabled = 1

We have tried multiple sourcetype = entries but unable to see any logs being forwarded.

Please advise, thanks.

0 Karma
1 Solution

Benlavender
Explorer

I've managed to resolve the issue by changing the config to:

[monitor://C:Apache2.2logs] 
disabled = false

Changed the = 0 to false wording.

Thanks for your help

View solution in original post

Benlavender
Explorer

I've managed to resolve the issue by changing the config to:

[monitor://C:Apache2.2logs] 
disabled = false

Changed the = 0 to false wording.

Thanks for your help

davebrooking
Contributor

Is the disabled attribute really set to 1? If it is then the input is marked as disabled. It needs to be set to 0 (zero) for the input to be enabled.

Benlavender
Explorer

Hi,

It's set to 0 at present, the config for A/P is set as:

[Monitor://C:Apache2.2logs] 
disabled = 0

Have we got the correct config for it?

Thanks

0 Karma

MuS
SplunkTrust
SplunkTrust

is the path correct? which inputs.conf did you modify? what did you see if you run $SPLUNK_HOME\bin\splunk cmd btool inputs list monitor on the forwarder?

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi Benlavender,

have you configured data forwarding on the universal forwarder http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Configureforwarderswithoutputs.confd as well did you enable receiving on the indexer http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Setupforwardingandreceiving ?

hope this helps ...

cheers, MuS

0 Karma

Benlavender
Explorer

Hi yep, we have other servers forwarding data to our syslog server successfully in the same way, we’re just having issues forwarding Apache logs.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...