I have Splunk App for Infrastructure installed and configured, it works for Windows agent, but I cannot make it for Linux servers.
I run the install script, I can start both collectd and splunk agent services, but I cannot find any collectd.log file, and also cannot see Linux servers under Entities with Splunk App for Infrastructure. I can see other log files if I use searching and reporting app.
Please help.
Sounds like the whole collectd setup might not be fully set up. In my little experience with collectd, the log itself will have a few more messages for the other plugins it's collecting info on. I think there's even a DEBUG flag you can toggle on the collectd.conf...although I have a feeling your collectd.conf isn't being used and that's the problem.
If you installed with the command provided from the Splunk UI, give it another go and keep your eyes peeled for errors. In fact, you probably want to capture that text to share with support.
if you installed manually, then revisit the instructions and even peek at What are the Best Practices for collectd.conf for Infrastructure Monitoring? if it helps.
Check logs at this location : /etc/collectd.log
Also this may help:
https://docs.splunk.com/Documentation/InfraApp/1.2.2/Admin/Troubleshooting#3._Possible_causes
OK, I found this log file here /etc/collectd/collectd.log, but has only one line if I start the service:
[2019-01-03 09:23:44] [info] Initialization complete, entering read-loop.
there is no collected.log anywhere. cannot find collected.log under /etc/collectd.log or /opt/collectd/var/log
OK, I found this log file here /etc/collectd/collectd.log, but has only one line if I start the service:
[2019-01-03 09:23:44] [info] Initialization complete, entering read-loop.