Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I remove hosts from the Forward and Receiving dashboard in the Distributed Management Console?

slebbie_splunk
Splunk Employee
Splunk Employee
‎01-10-2017 08:28 AM

I've disabled and removed the hosts from tcpoutput stanzas via the outputs.conf file, but the old hosts are still in the Distributed Management Console Why?

Whenever I try to remove the hosts, it says [tcpoutput://ipaddress] not found in outputs.conf. How do I remove it from the DMC completely?

*This is a question I am answering on my own because it took me a while to figure it out and I know that it may bother other folks out there so hope this helps.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-10-2017 03:55 PM

Hi slebbie,

Are you referring to the Forwarders: Deployment dashboard in Monitoring Console?
If you have stopped a forwarder from forwarding data to an indexer by removing the corresponding stanza from output.conf on forwarder, the forwarder will still be displayed on the dashboard but in missing (inactive) status.
You can filter out missing forwarders from some of the dashboard panels, but to completely remove the forwarder from the dashboard, you need to tamper with the metrics log and delete the related logs from source = /Applications/Splunk/var/log/splunk/metrics.log. Not sure this is what you want to do.

Hope this helps. Thanks!
Hunter

View solution in original post

Reply
Solved! Jump to solution

putnamblake
Path Finder
‎07-27-2020 01:06 PM

If we are talking about removing the hosts which are labeled as "missing" from MC>Forwarders> Forwarders Deployment then we are able to rebuild the Forwarders Asset Table to remove decomm'd host from the dashboard/ report. 

 

https://docs.splunk.com/Documentation/Splunk/8.0.4/DMC/Configureforwardermonitoring#Rebuild_the_forw...

0 Karma
Reply
Solved! Jump to solution

slebbie_splunk
Splunk Employee
Splunk Employee
‎04-04-2017 08:11 AM

Hi Hunters,

I totally forgot to respond to this question. Thanks for the assist.

0 Karma
Reply
Solved! Jump to solution
Solution

hunters_splunk
Splunk Employee
Splunk Employee
‎01-10-2017 03:55 PM

Hi slebbie,

Are you referring to the Forwarders: Deployment dashboard in Monitoring Console?
If you have stopped a forwarder from forwarding data to an indexer by removing the corresponding stanza from output.conf on forwarder, the forwarder will still be displayed on the dashboard but in missing (inactive) status.
You can filter out missing forwarders from some of the dashboard panels, but to completely remove the forwarder from the dashboard, you need to tamper with the metrics log and delete the related logs from source = /Applications/Splunk/var/log/splunk/metrics.log. Not sure this is what you want to do.

Hope this helps. Thanks!
Hunter

Reply
Solved! Jump to solution

ppablo
Retired
‎01-10-2017 02:24 PM

Hi @slebbie_splunk

Did you forget to post your answer in the "Enter your answer here..." field below?

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...