All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk stream with a deployment server

mcbradford
Contributor
‎12-11-2018 01:10 PM

I am having trouble getting stream working in a distributed deployment with heavy forwarders.

A few points:

If Stream is pushed to universal forwarders (UFs) from a deployment server (DS), when the stream forwarders sends configuration changes to the UF, wouldn't the app with the configurations on the UF be over-written after the UF checks in to the DS?

We have a DMZ, with a heavy forwarder (HF) that also servers as a DS. This system also has stream, because the systems in the DMZ cannot talk to the stream server located on the internal network. I had to also turn the DS/HF into a search head and tell it how to reach the indexers for the stream app to work.

I see where stream thinks it is collecting events from a few of the systems, but I am not seeing events???

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...