All Apps and Add-ons

Splunk App for Infrastructure entity inactive after 3 minutes of collecting data

hgu
Explorer

Currently, I have a search head running Splunk Enterprise 7.2 on Windows Server machine and an indexer running Splunk Enterprise 7.2 on another Windows Server machine. I have installed Splunk App for Infrastructure (1.2.0) on the search head and have installed Splunk Add-on for Infrastructure (1.2.0) + Splunk Universal Forwarder (7.1.1) on the indexer.

I set up Splunk App for Infrastructure and added the indexer as an entity. I was able to observe about 3 minutes of the indexer's status/performance before data stopped being collected. Now in the Entities view, the indexer is marked as "Inactive". Also, in the Analysis tab for the indexer, I'm getting a lot of errors saying "Unknown search command 'mcatalog'."

I have no idea why the indexer is inactive. Splunkd and the SplunkUniversalForwarder services are running on the indexer. Any ideas on what might be wrong would be really appreciated!

0 Karma
1 Solution

hgu
Explorer

I made a dumb mistake. The powershell script that I'm supposed to run when I add an entity was pointed to the search head instead of the indexer. I must've had it correct at one point for 3 minutes before rerunning the incorrect one, causing the 3 minutes of misleading success.

View solution in original post

0 Karma

hgu
Explorer

I made a dumb mistake. The powershell script that I'm supposed to run when I add an entity was pointed to the search head instead of the indexer. I must've had it correct at one point for 3 minutes before rerunning the incorrect one, causing the 3 minutes of misleading success.

0 Karma
Get Updates on the Splunk Community!

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...