Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Forwarder No Longer passing file to enterprise system

999chris
New Member
‎09-10-2016 02:55 AM

Hi All,

I'm muddling through Splunk as I go. I'm part of a team working with it but we're all having to feel our way through a little bit blind, but we have made some progress none the less as after a little while it starts to make sense.

However I was playing with the Data Inputs and Source Types on Splunk web and now the forwarder is not passing a log file through.

I cannot determine why, I managed to track down the splunkd log on the forwarder box and it says

TailingProcessor - Parsing configuration stanza: monitor://\mypath\mylog.log

Then no other mention of such file. The file has changed since it was last indexed so I don't know whats going on. Any help is greatly appreciated.

0 Karma
Reply

ddrillic
Ultra Champion
‎09-10-2016 05:09 PM

It's good to run ./splunk cmd btool inputs list monitor on the forwarder to ensure that the proper file is being monitored.

The following is great - I can't find my data!

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...