Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Forwarder No Longer passing file to enterprise system

999chris
New Member
‎09-10-2016 02:55 AM

Hi All,

I'm muddling through Splunk as I go. I'm part of a team working with it but we're all having to feel our way through a little bit blind, but we have made some progress none the less as after a little while it starts to make sense.

However I was playing with the Data Inputs and Source Types on Splunk web and now the forwarder is not passing a log file through.

I cannot determine why, I managed to track down the splunkd log on the forwarder box and it says

TailingProcessor - Parsing configuration stanza: monitor://\mypath\mylog.log

Then no other mention of such file. The file has changed since it was last indexed so I don't know whats going on. Any help is greatly appreciated.

0 Karma
Reply

ddrillic
Ultra Champion
‎09-10-2016 05:09 PM

It's good to run ./splunk cmd btool inputs list monitor on the forwarder to ensure that the proper file is being monitored.

The following is great - I can't find my data!

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...