Splunk Stream: Forwarder management group has no e...

gustavomichels · ‎11-28-2017

Hello,

Trying to create a specific forwarder group in the Stream app. Using Stream 7.1.1 on a 6.6.1 Search Head Cluster.

In Distributed Forwarder Management, the group is created and the preview matches the nodes:

However, the change never takes effect and the hosts remain in the defaultgroup.

Any clues what is going on?

nathanluke86 · ‎01-06-2020

I have this issue also and believe the issue is caused by the Stream app on Splunk Cloud.

If I create a group within the app on my hybrid Search Head which I am using to configure streams it won't match a forwarder even though it has been discovered.

On Splunk Cloud, If I duplicate the group created on the Hybrid SH it will then match the forwarder on the Hybrid Sh.

I have been informed that configuring streams on Cloud is not allowed but I am struggling to find an alternative solution.

On Splunk Cloud the Stream TA is needed for the indexing layer but I am wondering whether removing the app from Cloud will it fix this issue.

Has anyone had any progress with this issue

cesaccenturefed · ‎02-15-2019

I'm also having this issue too. I'm using a search head cluster, my stream app location defined on the forwarder is the VIP sitting in front of the cluster. The forwarder is actively calling in so I'm not sure why my forwarder is not populating to my new group.

Splunk Stream: Forwarder management group has no effect on clients

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms