Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk forwarder, instance, Sending log from my Linux installed on Hyper-v

ibztek
Loves-to-Learn Lots
‎08-26-2023 04:07 PM

I'm trying to send log from my Linux installed on Hyper-v windows into my Splunk instance and it data doesn't seem to reach it's destination. I have entered the port number in my Splunk instance - Receive data - configure receiving and entered my port number. i edited my input.conf file and why can't I see my log in Splunk???

Labels (1)
Labels
0 Karma
Reply

ibztek
Loves-to-Learn Lots
‎08-28-2023 03:25 AM

write now i am getting error when i try to ping splunkdeploy.customerscallnow.com: name or service not known..i seem to follow a prety nice instruction but i am not yet able to connect 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-28-2023 09:34 AM
This error told that your DNS service cannot found it for that name. You should fix it first and then check if UF works after that.
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-27-2023 11:52 AM

Check the contents of /opt/splunkforwarder/var/log/splunk/splunkd.log on your forwarder (especially the last entries in that log). That should show you whether it tried to connect to the indexer and if it did, why it failed.

0 Karma
Reply

ibztek
Loves-to-Learn Lots
‎08-28-2023 03:55 AM

it is tryiing to connect but it failes with name or service uknown

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-28-2023 04:03 AM

So either your outputs.conf in the forwarder point to a wrong server or you have DNS problems in your VM.

0 Karma
Reply

ibztek
Loves-to-Learn Lots
‎08-26-2023 04:52 PM 
index=_internal host=<your UF node name + *> earliest=1

doesn't seem to reply anything.

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-27-2023 02:33 AM

You could find your UF’s name from its $SPLUNK_HOME/var/log/splunk/splunkd.log. That log file contains also information if it can send it’s own logs to splunk server.

I assume that you have outputs.conf on place and it has defined your splunk server as a target?

0 Karma
Reply

ibztek
Loves-to-Learn Lots
‎08-26-2023 04:40 PM

iam trying to find my uf node name..im very new to splunk

0 Karma
Reply

ibztek
Loves-to-Learn Lots
‎08-26-2023 04:20 PM

i don't see my host in the splunk at all.

0 Karma
Reply

ibztek
Loves-to-Learn Lots
‎08-26-2023 04:19 PM

how can i do that, can you be a bit specific ? thank you

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-26-2023 04:22 PM

You could make a query on sh like 

index=_internal host=<your UF node name + *> earliest=1

this should show some entries, if your UF has connection to server. 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-26-2023 04:10 PM

Hi

can you see that your UF has sent its internal logs to server?

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...