All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Unix not showing hosts from peered indexers...

samlll42
Explorer
‎07-01-2014 05:25 PM

Hi Everyone

Problem: On Splunk App for Unix (latest versions of all the components) on a search head I cannot see hosts from indexers peered to the search head. The data is there if I do a search on index=os ( I can see perf data for all the hosts: CPU, PS etc...), but in the dashboard I can only see the hosts indexed locally (local host and a forwarder). What am I doing wrong?

Example:

= splunk-search (local indexer and search-head) peered with splunk-indexer

=== splunk-forwarder X (forwarding to splunk-search)

=== splunk-forwarder Y (forwarding to splunk-search)

=splunk-indexer (local indexer)

=== splunk-forwarder A (forwarding to splunk-indexer)

=== splunk-forwarder B (forwarding to splunk-indexer)

=== splunk-forwarder C (forwarding to splunk-indexer)

If I go to Splunk App for Unix dashboard on splunk-indexer I can see hosts for:

  • splunk-indexer (local) + splunk-forwarder A, B, C (which is expected)

If I go to Splunk App for Unix dashboard on splunk-search I can only see hosts for:

  • splunk-search (local) + splunk-forwarder X,Y - NOT splunk-indexer, nor splunk-forwarder A, B and C

But when I do a search on splunk-search index=os I can see data being found for all hosts.

Do I need to setup Splunk App for Unix in a specific way to display data for remote/peered indexes?

Reply

Strunk
Explorer
‎07-17-2014 08:49 AM

See this question:

http://answers.splunk.com/answers/132477/adding-hosts-to-splunk-app-for-unix

What worked for me was following those instructions to ensure each host was added to a group, which was then added to a category. I'm guessing that because I deployed the app to the universal forwarders/deployment clients after installing the app on the deployment server/index, the categories and groups weren't populated automatically.

Reply

Strunk
Explorer
‎07-17-2014 08:35 AM

I'm having the same problem, with getting data back from universal forwarders. The data is making it to the indexer/deployment server, but it's not showing up in the dashboard.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...