Hi all-
I have a free splunk server setup which is gathering all my syslog data from switches, etc.
I'm moving on to get our OS's to forward their log data to splunk. Everything I talked of here is on linux, installed using the RPM.
I set up the splunk server to receive on port 9997.
After installing it, I followed the docs and ran the following on the remote host:
cd /opt/splunk/etc
mv splunk-forwarder.license splunk.license
cd /opt/splunk/bin
./splunk start
./splunk enable app SplunkLightForwarder
./splunk restart
./splunk add forward-server :9997
./splunk restart
However, I don't have anything showing on the splunk server for that host. This is a server where lots gets dumped to /var/log/messages, so there should be something showing in the splunk server for it. I'm pretty green on splunk right now and am probably missing something easy but can't find it - I've searched lots before posting. I'd appreciate any help.
Thanks!