Hi @PickleRick,

Q: What do you mean by "logs are not getting forwarded"? How do you know that?

It is because when I am using network port UDP:5514, I can see logs in Splunk, but when I am trying to forward logs into Splunk, we are unable to do so. We are trying to send /var/log/messages.

Q: Do you have any errors in your /opt/splunkforwarder/var/log/splunk/splunkd.log on your forwarder?

No, we could not see any errors. It was there earlier but we fixed it.

02-08-2022 15:39:15.907 +1100 ERROR TailingProcessor - Input stanza path, 'var/log/messages' is not absolute. This is a configuration error and may not work / break things. Change this path to an absolute path.

Q: Whether you're getting data from that forwarder at all?

Yes, we are getting data. Below is the sample.

Feb 14 22:35:27 host1 Container_ImageInventory[2911256]: Container image name () is improperly formed and could not be parsed in SetRepositoryImageTag

Regards,
Rahul Gupta