It is likely the data is in an index not searched by default. Try this search instead:
index=* host=DESKTOP-<what_ever_that_is>
Let us know if that works!
Happy Splunking,
Rich
I have a forwarder installed on an Ubuntu VM and I am forwarding data to my Splunk running on Windows 10.
When I go to setting -> monitoring -> instance-forwarder I can see that there is 1 connection and I am receiving data from the Ubuntu instance.
But when I click run a search and query through it for available hosts, it does not show ubuntu under the host list.
I have posted snapshots for both the received data and the host list above.
Can you please elaborate on the question?
I am receiving data in my Splunk Enterprise from a universal forwarder installed on an Ubuntu VM and I can see that under ...
Monitoring console -> forwarder: instances
It shows me instance ... ubuntu and data rate and all graphs. (Refer to snapshot 1 above.)
But when I click run a search and check the available hosts to query through, the list does not contain ubuntu as a host, which it should have (snapshot 2).
Please help me on how to get that data and query on it.
Try searching for index=main (or whatever index you have established to forward events to) host="host_name"
So, from what I am seeing in the screenshots:
index=main host=ubuntu
That should do it - if not, use a wildcard on the index= (index=*) to troubleshoot.
What is your search parameter?