Hi All,
I wanted to create a table to list all the hostnames which are not sending logs to at least one of the indexers.
This will help me to know the hosts which have a problem connecting to indexers.
Thanks in advance.
Happy Splunking 🙂
There is a section for that on the Monitoring Console:
https://docs.splunk.com/Documentation/Splunk/7.3.0/DMC/Configureforwardermonitoring
There is an app for that:
https://splunkbase.splunk.com/app/3247/
Also see here:
https://answers.splunk.com/answers/672753/how-to-display-zero-count-in-a-stats-table.html
Check out this example.
https://gosplunk.com/forwarder-diagnostics-last-time-data-was-received-by-index-and-sourcetype/