Solved: Why am I unable to forward logs from a FreeBSD mac...

Michael_Carlisl · ‎09-07-2016

Hi All,

I'm trying to forward logs from a FreeBSD machine to our Splunk Cloud instance. I've downloaded the spl file that is located within the site, but when I try to install the app, it is still not connecting. I validated that the port is open, and I have not done anything with the conf files other than using the CLI commands to add monitoring. One thing I did notice is that our Windows machines have (ssl) beside their "Active forwards" where as my "Inactive forwards" do not have (ssl) beside them. I had assumed the certificate was part of the .spl install. Any ideas?

Best,
Michael

Michael_Carlisl · ‎09-09-2016

So it turns out the spl file retrieved from the Splunk Cloud instance set Outputs.conf file in the splunkuniversalforwarder folder to a site it could not resolve. I updated that site to the ip equivalent and it started working. Not sure why this works in our non-unix environments.

View solution in original post

Michael_Carlisl · ‎09-09-2016

So it turns out the spl file retrieved from the Splunk Cloud instance set Outputs.conf file in the splunkuniversalforwarder folder to a site it could not resolve. I updated that site to the ip equivalent and it started working. Not sure why this works in our non-unix environments.

Why am I unable to forward logs from a FreeBSD machine to our managed Splunk Cloud instance?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk