Hi!
I am getting a strange thing happening. My Heavy Forwarder (CentOS 7 Linux) running Splunk 6.2.5 is periodically stopping forwarding the data that is being sent to it via a UDP:514 rsyslog stream.
Weirdly, the same Heavy Forwarder is still sending in its own data for the Linux App. When I restart the splunkd service, the forwarder starts forwarding again.
When I check the _internal index on the separate Search Head, I see no data at all for this Heavy Forwarder, though. Should I? Also, why is this HF stopping sending on data?
Kindest regards,
BlueSocket
↧