All Apps and Add-ons

Splunk Stream: Forwarder management group has no effect on clients

Path Finder


Trying to create a specific forwarder group in the Stream app. Using Stream 7.1.1 on a 6.6.1 Search Head Cluster.

In Distributed Forwarder Management, the group is created and the preview matches the nodes:

alt text

However, the change never takes effect and the hosts remain in the defaultgroup.

alt text

Any clues what is going on?


I have this issue also and believe the issue is caused by the Stream app on Splunk Cloud.

If I create a group within the app on my hybrid Search Head which I am using to configure streams it won't match a forwarder even though it has been discovered.

On Splunk Cloud, If I duplicate the group created on the Hybrid SH it will then match the forwarder on the Hybrid Sh.

I have been informed that configuring streams on Cloud is not allowed but I am struggling to find an alternative solution.

On Splunk Cloud the Stream TA is needed for the indexing layer but I am wondering whether removing the app from Cloud will it fix this issue.

Has anyone had any progress with this issue

0 Karma

Path Finder

I'm also having this issue too. I'm using a search head cluster, my stream app location defined on the forwarder is the VIP sitting in front of the cluster. The forwarder is actively calling in so I'm not sure why my forwarder is not populating to my new group.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...