Hi,
I'm having some problems with DB Connect installed on a Heavy Forwarder. The logs appear to be shipped to the indexer, but they are being shipped with a source type of dbmon:spool not sm_access as defined in the configuration. Other log files being shipped through (i.e. not from the forwarder itself) the forwarder are being received correctly. The inputs.conf configuration is below.
[script://./bin/jbridge_server.py]
disabled = 0
[batch://$SPLUNK_HOME/var/spool/dbmon/*.dbmonevt]
crcSalt = <SOURCE>
disabled = 0
move_policy = sinkhole
sourcetype = dbmon:spool
[dbmon-tail://server_db/very_long_title-Test]
host = server2
index = tst_index_name
interval = 2 * * * *
output.format = kv
output.timestamp = 0
sourcetype = sm_access
table = smaccesslog4
tail.rising.column = db_TIMESTAMP
NB: The inputs.conf has been modified a little to remove sensitive information.
I am getting an error in the serverclass.conf, when I go to the Forwarder Management page on the forwarder. I can't see any errors in the file, but I've only just started playing with Splunk so I could very well be missing something.
[global]
repositoryLocation = $SPLUNK_HOME/etc/deployment-apps
targetRepositoryLocation = $SPLUNK_HOME/etc/apps
tmpFolder = $SPLUNK_HOME/var/run/tmp
stateOnClient = enabled
restartSplunkWeb = False
restartSplunkd = False
continueMatching = true
endpoint = $deploymentServerUri$/services/streams/deployment?name=$tenantName$:$senter code hereerverClassName$:$appName$
Has anyone got any ideas on what might be going on?
Thanks,
... View more