I installed an instance of Splunk and set up 3 servers with the forwarders installed, pointing to the main instance on port 9997 (license server, XenApp Data Collector/XML broker and regular XenApp server). I copied the folders for the snapins for each type of server to "C:\Program Files\SplunkUniversalForwarder\etc\deployment-apps". The index is installed for XenApp, since it gets installed during the XenApp snapin install, but it's not receiving any data.
I get the message "no matching fields exist" on top and "No results found". I don't see any farms listed to click on, so it's not even connecting to the farm servers I tried to add. I don't have any firewalls in between, so it's not blocking any ports. I set up a receiver listening on port 9997 on the main instance, but still no data.
Below is the outputs file of a server that's forwarding data.
[tcpout]
defaultGroup = default-autolb-group
[tcpout-server://nwnifictx040.usa-ed.net:9997]
[tcpout:default-autolb-group]
disabled = false
server = nwnifictx040.usa-ed.net:9997,nwnifictx040:9997
[tcpout-server://nwnifictx040:9997]
This is the inputs file of a server that's forwarding data.
[default]
host = NWNIFICTX030
Let me know if any other information is needed.
This is an evaluation setup that I was really trying to get a good look at before tomorrow.
Thanks,
Matt