I have installed a forwarder on my apache serer and I see traffic (logs) moving from the web server to the indexers. When I run the command below on my search heads (plus ITSI), I get nothing.
| eventcount summarize=false index=* index=_* | dedup index | fields index
my input.conf: [monitor:///web/JBossWeb/jws-3.0/https/logs/access.log.$(date +%Y.%m.%d)] sourcetype=apache_access disabled = 0 index = apache
[monitor:///web/JBossWeb/jws-3.0/https/logs/error.log.$(date +%Y.%m.%d)] sourcetype=apache_error disabled = 0 index = apache
Please help. Thank you.
... View more