Troubleshoot cloned systems not sending data
Data from cloned systems do not appear in Splunk Enterprise.
Take one or more of the following steps:
-
Check if the universal forwarder is running:CODE
sudo systemctl status Splunkd -
To verify the configuration, list the Splunk indexes or other Splunk instances that the universal forwarder is configured to send data to:CODE
/opt/splunkforwarder/bin/splunk list forward-server -
Monitor logs in real time to detect issues in the universal forwarder operation:CODE
tail -f /opt/splunkforwarder/var/log/splunk/splunkd.log