- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How can I restart all my forwarders?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Splunk 6.0.1 (build 189883) on Windows 2012
- Splunk Universal Forwarder 6.0 (build 182611) on Windows 2008 mostly
For some reason an error situation occurred yesterday causing some, not all, forwarders to stop forwarding data. Logging on to each server and manually restarting the forwarder fixes the issue. But, with 62 servers, can I do this from the searchhead instead? I have tried splunk reload deploy-server but that does not seem to be the trick (I thought it did restart the forwarder, but that maybe that is only if the conf-files are changed?)
Anyways - question is: Can I restart all my forwarders in one operation?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rune,
reload deploy-server only reloads the forwarder if there is a mismatch in the checksums generated by the configuration file bundles. There could be a more elegant approach to this, but try one of the following:
- Create an empty app (using the GUI -> Apps -> Create new App) and place it in the deployment-apps folder. Assign it to a a server class used by all your forwarders and make sure you have Restart Splunkd ticked for the specifc app. Issue reload deploy-server
- Use some kind of Windows mechanism (SCOM?) to restart the Splunkd service on all your forwarders
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rune,
reload deploy-server only reloads the forwarder if there is a mismatch in the checksums generated by the configuration file bundles. There could be a more elegant approach to this, but try one of the following:
- Create an empty app (using the GUI -> Apps -> Create new App) and place it in the deployment-apps folder. Assign it to a a server class used by all your forwarders and make sure you have Restart Splunkd ticked for the specifc app. Issue reload deploy-server
- Use some kind of Windows mechanism (SCOM?) to restart the Splunkd service on all your forwarders
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The first suggestion worked for me. Used a vbscript to verify, see http://hellem.org/blog/index.php/2014/04/01/how-to-get-uptime-for?blog=6
Observability | How to Think About Instrumentation Overhead (White Paper)
Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)
The Great Resilience Quest: 10th Leaderboard Update
