![]() ![]() Here is the output from the debug using btool:Ĭhecking: /opt/splunk/etc/users/admin/search/local/nfĬhecking: /opt/splunk/etc/users/admin/search/local/nfĬhecking: /opt/splunk/etc/users/admin/splunk_app_stream/local/nfĬhecking: /opt/splunk/etc/users/admin/user-prefs/local/nfĬhecking: /opt/splunk/etc/apps/Splunk_TA_bro/local/nfĬhecking: /opt/splunk/etc/apps/Splunk_TA_stream/local/nfĬhecking: /opt/splunk/etc/apps/Splunk_TA_stream/local/nf Splunk_stream_app_location = stream_forwarder_id = Here are my current config files for directory /opt/splunk/etc/apps/Splunk_TA_stream/local# Invalid key in stanza in /opt/splunk/etc/apps/Splunk_TA_stream/local/nf, line 4: dedicatedCaptureMode (value: 1). I'm currently testing dedicated capture mode on Ubuntu instead of RHEL/CentOS. Why am I getting the following error message when running dedicated capture mode for Splunk stream? Followed the instructions outlined here. Other HEC-Endpoints on the HF are working fine. We aren't getting any info regarding the HEC-Endpoint in the internal logs. Maybe that's the problem? (as described here: ) We opened to the CIDR-Blocks as described here: We confirmed that the HEC-Endpoint is working via curl. Make sure HEC endpoint is reachable from Firehose and it is healthy."* ![]() *"Destination: - Failed to deliver data to Splunk or to receive acknowledgment. It's not working currently, we're getting the error: We're trying to get cloudwatchlogs via Kinesis Firehose to a heavy forwarder in a VPC. ![]()
0 Comments
Leave a Reply. |