Deployment Architecture

Single index on indexer not getting new data. Other indexes are.

a238574
Path Finder

I have a splunk cluster with 3 indexers. I have a non replicated index that for some reason has stopped getting new data on one of the indexers. Other indexes on the same node are getting data. What can I look for to figure out why this index on the one node is not getting new data. The data is coming from a pair of Heavy Forwarders which is my 1st target to check but not sure where to look.

Tags (1)
0 Karma
1 Solution

a238574
Path Finder

Found my issue... the indexer in question had been moved to a new IP but the config change had not been updated on the HF

View solution in original post

0 Karma

a238574
Path Finder

Found my issue... the indexer in question had been moved to a new IP but the config change had not been updated on the HF

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Start with error message in $SPLUNK_HOME/var/log/splunk/splunkd.log on Indexer and Heavy Forwarder. Also check whether receiving port is listening on Indexer.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...