All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Unix not showing hosts from peered indexers...

samlll42
Explorer
‎07-01-2014 05:25 PM

Hi Everyone

Problem: On Splunk App for Unix (latest versions of all the components) on a search head I cannot see hosts from indexers peered to the search head. The data is there if I do a search on index=os ( I can see perf data for all the hosts: CPU, PS etc...), but in the dashboard I can only see the hosts indexed locally (local host and a forwarder). What am I doing wrong?

Example:

= splunk-search (local indexer and search-head) peered with splunk-indexer

=== splunk-forwarder X (forwarding to splunk-search)

=== splunk-forwarder Y (forwarding to splunk-search)

=splunk-indexer (local indexer)

=== splunk-forwarder A (forwarding to splunk-indexer)

=== splunk-forwarder B (forwarding to splunk-indexer)

=== splunk-forwarder C (forwarding to splunk-indexer)

If I go to Splunk App for Unix dashboard on splunk-indexer I can see hosts for:

  • splunk-indexer (local) + splunk-forwarder A, B, C (which is expected)

If I go to Splunk App for Unix dashboard on splunk-search I can only see hosts for:

  • splunk-search (local) + splunk-forwarder X,Y - NOT splunk-indexer, nor splunk-forwarder A, B and C

But when I do a search on splunk-search index=os I can see data being found for all hosts.

Do I need to setup Splunk App for Unix in a specific way to display data for remote/peered indexes?

Reply

Strunk
Explorer
‎07-17-2014 08:49 AM

See this question:

http://answers.splunk.com/answers/132477/adding-hosts-to-splunk-app-for-unix

What worked for me was following those instructions to ensure each host was added to a group, which was then added to a category. I'm guessing that because I deployed the app to the universal forwarders/deployment clients after installing the app on the deployment server/index, the categories and groups weren't populated automatically.

Reply

Strunk
Explorer
‎07-17-2014 08:35 AM

I'm having the same problem, with getting data back from universal forwarders. The data is making it to the indexer/deployment server, but it's not showing up in the dashboard.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...