I have streamfwd "running" on OSX
I see the following errors in the Splunk interface when I run the search
index=_internal sourcetype="stream:log"
SnifferReactor failed to open pcap adapter for device <en1>. Error message:
Unable to ping server (591fb575-3b32-421a-956f-2f3b512ecda9): Unable to establish connection to localhost: Connection refused
Splunk is running as a privileged user (started splunk using sudo) and setuid.sh has been run in Splunk_TA_stream directory.
any ideas?
... View more