0

uberagent.log not collected on splunk

I have installed agent on my laptop where is running Splunk 6.5. I have installed index and also searchead  uberagent app. On uberagent conf file i have set port 13000 and the metrics are collected but not log file uberagent.log are not collected in splunk and i can't understand why:

 

2017-09-02 20:16:43.083 +0200,DEBUG,WORKGROUP,IBM984-PC06R3PQ$,9452,ComputeResults,Timer #5 <Network performance> Starting data retrieval...
2017-09-02 20:16:43.091 +0200,DEBUG,WORKGROUP,IBM984-PC06R3PQ$,9452,ComputeResults,Timer #5 <Network performance> Finished data retrieval.

 

can you help me?

4 comments

  • Avatar
    Helge Klein Official comment

    uberAgent.log is uberAgent's log file (detailed information). The purpose of uberAgent's log file is to help troubleshooting in case the agent is not working as expected.

    uberAgent's log file is not collected and sent to Splunk by uberAgent. The main reason for that is that it would significantly increase the data volume and thus Splunk's licensing costs.

    We provide the uberAgent Log Collector Splunk app as an optional component for organizations that want to collect uberAgent's log file. The log collector app requires Splunk's Universal Forwarder, which is the component that actually does the work of looking for changes in the log files and send them to Splunk.

  • 0
    Avatar
    marco soave

    i have understand that to read the lo uberagent.log is necessary install a splunk universal forwarder in the same machines ehre is running uberagent.

     

    But one question. Why on app uberAgent Log Collector the panel and search inside the dashbaord search on uberagent log and not on uberagent_log?

  • 0
    Avatar
    marco soave

    Specify: hy on app uberAgent Log Collector the panel and search inside the dashbaord search on uberagent INDEX and not on uberagent_log INDEX? The second one is createdwith the app for index of uberAgent Log Collector app.

  • 0
    Avatar
    Helge Klein

    I am not sure I follow. The searches used on the dashboards of the uberAgent_logcollector Splunk app search the index uberagent_log. Here is an example from log_detail.xml:

    index=uberagent_log sourcetype=uberAgent:log $Severity$ | search host=*$HostFilter$* $FilterString$ | table _time Severity Domain User ThreadId Category Message

Please sign in to leave a comment.