Splunk Forwarder

jangid
Builder

Hi, I am trying to evaluate Splunk to monitor logs (simple txt format) from a directory.
I am able to set up everything on my local Windows Server 2008 R2 machine and I can see my log data.

Now I want to see logs from a remote machine [Windows 7]. I have installed the Splunk forwarder [splunkforwarder-4.3.2-123586-x64-release.msi] and set the required information; all ports are default according to the documentation.

Now the question is how to test my forwarder. I have searched the KB, but it's very hard to understand; in most cases the "How To" information is missing.

I tried according to this thread http://splunk-base.splunk.com/answers/41307/splunk-forwarder
but no luck.

[From Splunk Documentation]
1. Test the results to confirm that forwarding, along with any configured behaviors like load balancing or routing, is occurring as expected.

How to test???
How to and where to configure???

Using Network Monitor I can see the forwarder is sending data and my server is receiving data,
but I can't see it in the Splunk UI.

Is there any way to see the remote data and host in the Splunk UI? How do I add multiple forwarders in Splunk?

Thanks in advance

Manoj

0 Karma
1 Solution

mikelanghorst
Motivator

Did you specify during install to monitor anything? For the Windows installer it will ask, but for the *nix installs it doesn't actually monitor anything outside of itself. I've seen that happen to quite a few new users that come into the #splunk IRC channel.

To verify what you are monitoring on the forwarder, you can run the following from a command window: splunk cmd btool inputs list --debug

This will show you every input, along with what app is implementing it.

Also, you can search the _internal index for data by adding: index=_internal to your search.
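An added example, not part of the original answer or Splunk's own tooling: a small Python check that reads saved `splunk cmd btool inputs list --debug` output and reports whether the forwarder has any enabled monitor input outside its own logs, the condition the answer describes. The sample output, its paths and the assumed line layout (defining .conf file, then the stanza or setting) are constructed for illustration.

```python
import re

# Constructed sample of `splunk cmd btool inputs list --debug` output from a
# Windows forwarder. Assumed layout: defining .conf file, then a stanza
# header or key = value. Paths and values are made up.
SAMPLE = r"""
C:\Program Files\SplunkUniversalForwarder\etc\system\default\inputs.conf [monitor://$SPLUNK_HOME\var\log\splunk]
C:\Program Files\SplunkUniversalForwarder\etc\system\default\inputs.conf index = _internal
C:\Program Files\SplunkUniversalForwarder\etc\apps\search\local\inputs.conf   [monitor://C:\AppLogs]
C:\Program Files\SplunkUniversalForwarder\etc\apps\search\local\inputs.conf   disabled = 1
"""

# Split on the first ".conf" followed by whitespace so paths with spaces work.
LINE = re.compile(r"^(?P<conf>.+?\.conf)\s+(?P<body>.+)$")
STANZA = re.compile(r"^\[(?P<name>.+)\]$")

def parse_btool(text):
    """Return {stanza: {"conf": defining file, "settings": {key: value}}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        body = m.group("body").strip()
        s = STANZA.match(body)
        if s:
            current = s.group("name")
            stanzas[current] = {"conf": m.group("conf"), "settings": {}}
        elif current and "=" in body:
            key, _, value = body.partition("=")
            stanzas[current]["settings"][key.strip()] = value.strip()
    return stanzas

def external_monitors(stanzas):
    """Enabled monitor:// inputs that are not the forwarder's own logs."""
    found = []
    for name, info in stanzas.items():
        if not name.lower().startswith("monitor://"):
            continue
        path = name[len("monitor://"):]
        disabled = info["settings"].get("disabled", "0").lower() in ("1", "true")
        if not disabled and not path.upper().startswith("$SPLUNK_HOME"):
            found.append((path, info["conf"]))
    return found

if __name__ == "__main__":
    hits = external_monitors(parse_btool(SAMPLE))
    print(hits or "only the forwarder's own logs are monitored")
```

An empty result matches the symptom in the question: traffic reaches the indexer and shows up under index=_internal, but no application log data is indexed.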
