I have created an index called prod_syslog with four sourcetypes monitoring the below paths. I see this app is deployed to the syslog server via the forwarder management section of the deployment server. Yes i receive no data in the search head when looking for anything in that index. Each of the monitors below have subfolders with the hostnames that send syslog to the syslog server, I believe i should be able to do a recursive search to all the sub-directories in this path by default.
[monitor:///var/log/company_logs/ESXi_Hosts/]
disabled = false
index = prod_syslog
sourcetype = vmw-syslog
[monitor:///var/log/company_logs/f5/]
disabled = false
index = prod_syslog
sourcetype = f5-syslog
[monitor:///var/log/company_logs/Firewalls/]
disabled = false
index = prod_syslog
sourcetype = firewall-syslog
[monitor:///var/log/company_logs/Switches/]
disabled = false
index = prod_syslog
sourcetype = switch-syslog
Hi pete_charlton,
set disabled
to 0 not false
see docs:
disabled = [0|1]
* Specifies whether or not the input is enabled.
* 1 to disable the input, 0 to enable it.
* Defaults to 0 (enabled).
If this does not help:
hope this helps ...
cheers, MuS
Hi pete_charlton,
set disabled
to 0 not false
see docs:
disabled = [0|1]
* Specifies whether or not the input is enabled.
* 1 to disable the input, 0 to enable it.
* Defaults to 0 (enabled).
If this does not help:
hope this helps ...
cheers, MuS
I have restarted the UF and changed disabled =0
11-12-2014 11:38:42.420 -0500 ERROR ExecProcessor - message from "python /opt/splunkforwarder/etc/apps/TA-sos/bin/nfs-iostat_sos.py" import splunk.bundle
11-12-2014 11:38:42.420 -0500 ERROR ExecProcessor - message from "python /opt/splunkforwarder/etc/apps/TA-sos/bin/nfs-iostat_sos.py" ImportError: No module named splunk.bundle
11-12-2014 11:38:42.426 -0500 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/TA-sos/bin/ps_sos.sh" /bin/sh: 1: /opt/splunkforwarder/etc/apps/TA-sos/bin/ps_sos.sh: Permission denied
11-12-2014 11:38:47.429 -0500 ERROR ExecProcessor - message from "python /opt/splunkforwarder/etc/apps/TA-sos/bin/nfs-iostat_sos.py" Traceback (most recent call last):
11-12-2014 11:38:47.429 -0500 ERROR ExecProcessor - message from "python /opt/splunkforwarder/etc/apps/TA-sos/bin/nfs-iostat_sos.py" File "/opt/splunkforwarder/etc/apps/TA-sos/bin/nfs-iostat_sos.py", line 27, in
looks like some permission troubles, check the file and directory permission and that the user running the Splunk UF is set correctly