Hi Friends,
I am trying to add Linux logs in Splunk, Created server class and added the app details. completed all the basic steps but still i cant find the data in splunk head . below you can find the sample logs from server. Anyone please suggest me config file for the same .
Sample log format :
01:00:07.703 STATUS: TRelease: TRACK: 201907160100NASDAQ_NDE__1000252590 en-synd1_0_3001.hld being marked ready for delivery.
01:00:07.703 STATUS: TRelease: TRACK: Leaving shm_keydist_check_response(): re ady count = 1
01:00:07.703 STATUS: TRelease: TRACK: 1 responses are ready to process.
01:00:07.703 STATUS: TRelease: TRACK: Preparing release files for 201907160100 NASDAQNDE____1000252590_en-synd1_0_3001.hld. Received all 1 replies back.
01:00:07.704 STATUS: TRelease: TRACK: prepare_release_list()
01:00:07.704 STATUS: TRelease: TRACK: add_in_serials() Added 2 serial numbers
01:00:07.704 STATUS: TRelease: TRACK: Serial 3001: delivered release file: 201 907160100NASDAQNDE____1000252590_en-synd1_0_3001.rls.
01:00:07.706 STATUS: TRelease: TRACK: Serial 3002: delivered release file: 201 907160100NASDAQNDE____1000252590_en-synd1_0_3001.rls.
01:00:07.707 STATUS: TRelease: TRACK: shm_keydist_clear_slot_by_id(0) - 201907 160100NASDAQNDE____1000252590_en-synd1_0_3001.hld
01:00:07.794 STATUS: TsynDg1-1: TRACK: shm_keydist_update_sent() - 2019071601 00NASDAQNDE______1000252594_en-synd1_0_3001.hld
01:00:07.794 STATUS: TsynDg1-1: TRACK: find_slot_by_filename(201907160100NASDA
Which apps have you included in the server class? Do any of them include inputs.conf? What are the inputs.conf settings? Is there an outputs.conf that tells the forwarder where the indexers are? Have you verified the apps are installed on the forwarder?
Hi niranjan28,
can you please describe your setup?
Is there a Splunk Universal Forwarder sending data to your Indexer?
If yes: Does it get listed in your Monitoring Console correctly?
Kind regards,
Michael