Carbon Black Cloud: How to fetch logs for VMware Carbon Black Cloud App for Splunk
Article ID: 291927
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb ThreatHunter)
Issue/Introduction
Retrieve app logs in Splunk 8.x while troubleshooting an issue with VMware Carbon Black Cloud App for Splunk
Environment
- Carbon Black Cloud Web Console: All Versions
- Splunk: 8.x (On-Premise only)
- VMware Carbon Black Cloud App for Splunk: 1.x
Resolution
- Using a shell prompt on the appropriate Splunk node, go to the folder $SPLUNK_HOME/bin in *nix or %SPLUNK_HOME%\bin in Windows
- Run the following command, according to which Splunk node is experiencing the issue:
  - Main app (single instance or distributed)
    splunk diag --collect=app:vmware_app_for_splunk
  - IA/Input Add-on (on Heavy Forwarder; distributed instance only)
    splunk diag --collect=app:IA-vmware_app_for_splunk
  - TA/Technology Add-on (on Indexer; distributed instance only)
    splunk diag --collect=app:TA-vmware_app_for_splunk
- This will generate a file in the Splunk home directory named: diag-<server name>-<date>.tar.gz
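The steps above as a shell sketch for *nix nodes, added here as an example and not taken from the original article or from the vendors: it picks the diag command by checking which Carbon Black Cloud app component is present on the node, runs it, and reports the archive that was produced. The function names, and the assumption that each component is installed under $SPLUNK_HOME/etc/apps/<app name>, are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumption: each component is installed under $SPLUNK_HOME/etc/apps/<app name>.

# App names taken from the three diag commands in the article.
CBC_APPS="vmware_app_for_splunk IA-vmware_app_for_splunk TA-vmware_app_for_splunk"

# Print the Carbon Black Cloud components found under <splunk_home>/etc/apps.
installed_cbc_apps() {
    for app in $CBC_APPS; do
        [ -d "$1/etc/apps/$app" ] && printf '%s\n' "$app"
    done
    return 0
}

# Print the newest diag-*.tar.gz in <dir>; return non-zero if there is none.
latest_diag() {
    newest=
    for f in "$1"/diag-*.tar.gz; do
        [ -f "$f" ] || continue          # unmatched glob stays literal
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Run "splunk diag" once per installed component and report each archive.
collect_cbc_diags() {
    home=$1
    apps=$(installed_cbc_apps "$home")
    if [ -z "$apps" ]; then
        echo "no Carbon Black Cloud app component under $home/etc/apps" >&2
        return 1
    fi
    for app in $apps; do
        ( cd "$home/bin" && ./splunk diag "--collect=app:$app" ) || return 1
        echo "$app -> $(latest_diag "$home")"
    done
}

# Usage on the affected node: collect_cbc_diags "$SPLUNK_HOME"
```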
Additional Information
- This article is for general reference purposes
- If any difficulties are encountered while gathering Splunk logs, please contact Splunk for support
- Customers using Splunk Cloud Platform will need assistance from Splunk support