What was done as part of troubleshooting?
Checked the indexer and found no IO issues.
Restart splunk on myPRODServer server(universal forwarder)
found no errrors( splunk started successfully)
Logged in to search head
search -> index=perfmon host=myPRODServer --> We do not see any data.
grep permon metrics.log -> do not see any message/logs
checked splunkd.log and did not find any conclusive errors.
Collected the output of command "splunk list inputstatus" . Found the below error:
Issue perfmon.exe exited with code -1
C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe
exit status description = exited with code -1
time closed = 2018-10-10T14:20:37+0800
time opened = 2018-10-10T14:20:36+0800
Exit code "-1" ie negative is undefined.
Requested customer to restart the splunk daemon in debug mode (splunk start --debug) and collect diag.
Found no conclusive errors in diag(diag was collected when splunk was started in debug mode)
No entry/log for perfmon in metrics.log.
All the other source/sourcetype works but perfmon data is not getting forwarder to indexer.
↧