Hi Rich, that did help and I was able to get to that folder. I will try to use the user splunk splunk:
I'm trying to follow the next steps and get it to contact my Splunk indexer.
I added the FW command
Step 5. firewall-cmd --zone=public --add-port=8089/tcp –permanent
Step 5. firewall-cmd --zone=public --add-port=9998/tcp –permanent
Step 6. firewall-cmd –reload
I use a splunk deploy app and
These "apps" are installed into /etc/apps (reverse the slashes if on windows, but still the same path). A properly configured forwarder will have the following apps installed:
use_splunkdeploy (installs config required to talk to the deployment server)
I've edited my inputs.conf to add index. hostname was already there.
I've restarted splunk but I'm not getting any traffic or the fwd_to_cluster_ssl folder not being created. I'm checking FW logs and not even seeing the block. What should I check next?
Splunk Service is running,
input.conf updated
config files uploaded
Local FW ports opened
... View more