Hello All,
First off let me start by mentioning that I'm a Linux newb, so please forgive me if I come off as inexperienced. Anyway, I managed to get Splunk 4.2 installed on a Cent 5.6 server. I've been trying to get some test Windows servers to forward their eventlogs to the Splunk server via Snare, which I was able to. I then read about using the Splunk Light Forwarder. I wasn't sure if I needed to do this but enabled SplunkLiteForwarder within the Splunk Server. It then prompted me to restart the web server, which I did. Since doing so I can't get the webserver back online. I keep issuing these commands to no avail:
[root@oc-mon01 bin]# ./splunk start splunkweb
[root@oc-mon01 bin]# ./splunk restart splunkweb
splunkweb is not running.
What should I do to get the webserver back online?
Thanks,
J
You never should enable the SplunkLightForwarder app on a Splunk Server. This app is enabled on a forwarder instance where you want to minimize resource consumption. To fix this, go to $SPLUNK_HOME/etc/apps/SplunkLightForwarder/local and delete the app.conf file. And then restart Splunk.
Thanks dear. It is working now.
The best place to get started is the distributed deployment manual in the documentation: http://www.splunk.com/base/Documentation/latest/Deploy/Distributedoverview
http://www.splunk.com/base/Splexicon:Forwarder
Sweet sauce!! You got me back. Ok, could you provide me some basic steps for me to do on using SplunkLightForwarder for my Windows boxes? I'm sorry, but I'm still learning what a forwarder instance means.
Thanks
I'll give it a go and report back. Thanks.