Hello fellow Splunk users!
I am encountering a problem with indexing .csv files.
A bit of background story:
I am trying to index Windows Server 2003 data. Installing a universal forwarder does not work on this machine (the OS is too old apparently). Therefore, I installed a tool on the machine that forwards the logs to a syslog server. This works flawlessly.
The syslog server (Windows Server 2012 R2) stores the logs from the Windows 2003 Server in a local folder (C:/syslogServer/). This folder contains subfolders for each machine the syslog server collects data from (C:/syslogServer/win2003). The subfolders contain .csv files. I would like Splunk to index those files.
The syslog server has a universal forwarder installed and on my distribution server I tried to configure a Data Input collecting the .csv files.
I tried all variants:
- telling Splunk the path to C:/syslogServer (apparently it should recursively index all subfolders / contained files)
- telling Splunk the path to C:/syslogServer/win2003
- telling Splunk the path to the file I would like to index directly: C:/syslogServer/win2003/file.csv
See image for details.
![files and directories][1]
I also tried uninstalling the universal forwarder on the syslog server and reinstalling it to tell the installer that I want to index the file (thus not using the deployment server, but manually entering the indexer).
Result:
- no data from the created index is being found
- no data from the given source is being found
- no data from the given source type is being found
Also, I could not find any error messages in the log files. (python.log, splunkd.log)
Can someone please tell me what to do? Or is there any other way to index data from a Windows 2003 server?
[1]: /storage/temp/71179-unbenannt.png