Where are my tail log files now? with 2.1 beta

I just downloaded and installed the 2.1 beta, using the rpm on a RHES4 system to check out how things have progressed with Splunk. I set up a basic index for /var/log/messages but I don't see this on the main web page any longer? I used to see the list of log files tailed/indexed with the previous releases? Has something changed? What am I missing?

The start page will list the Hosts, Source Type, and Sources. Each of those columns will display 10 entries per column. If you have more than 10 sources configured, it may be that /var/log/messages is below the fold; you can click View All under Sources to confirm. You can also try a query for source::/var/log/messages/ to see if any results are being returned.

If that source is not being indexed, paste the tailing section of your $SPLUNK_HOME/etc/bundles/local/inputs.conf in your reply and we can investigate further.