My situation is I have installed Splunk Forwarder on some of the development servers at the begining. Now i have uninstall the forwarder becasue of the license limitation. How can I remove all the information, including the index for those non-existing forwarders on the splunk server. They are all windows servers.

Thanks!

Joy

If a forwarder is in "quiet" status, that means it's not sending data, but it is still sending a heartbeat to its receiving indexer. So that forwarder does exist in your deployment.

If you want to get rid of a forwarder entirely, you'll need to uninstall it from whatever box it's on. The deployment monitor app only monitors; you can't use it to make changes to your deployment.

There are a number of reasons why a missing forwarder could change to a quiet forwarder. For example, perhaps there was a network interruption, or maybe the machine the forwarder resides on went down but has now restarted.

In case my previous answer confused you by talking about "automatic removal", let me clarify. I meant that, if the forwarder has gone missing, its listing will (eventually) get automatically removed from the monitor app. The forwarder itself doesn't get automatically uninstalled.

Is this automatic removal in 4.2.1? Because we just deployed 4.2 and at first we had a missing legacy forwarder and now it is still there but 'current status' says quiet. We can't get rid of it.

The deployment monitor app will now automatically remove any missing forwarders within a 24-hour period after they go missing. Users no longer need to clear the old forwarders themselves.

This is due to a fairly recent optimization in the underlying behavior of the app. Since old forwarders now get automatically cleared, there's no longer a need for that button and so it got removed from the UI. In about one minute, the button will be leaving the documentation as well. Thanks for catching this!