Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SplunkForwarder not reporting\showing up on server

raphabaroudi
Engager
‎08-14-2019 08:04 AM

Hello all,

I've tried to locate an answer for this issue for the past few days with no luck. So I have decided to give it a shot here, perhaps someone ran into this issue before or at least can assist in providing assistance. Any feedback is greatly appreciated.

I am using Splunk with Dev license. Installed the forwarders on >200 Windows machines. Only about 55 are reporting back to the server. I am mainly looking in the data set > data summary > hosts to see the machines that are reporting. I am not sure why the remaining are not reporting back or showing up in the hosts list.

SplunkEnterprise Ver 7.2.6

Thank you for your time,

0 Karma
Reply

vinod94
Contributor
‎08-18-2019 07:58 AM

@raphabaroudi,

Did u check the connectivity between those forwarders and the Splunk instance?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-14-2019 10:38 AM

Try this alternative method to list your forwarders.

index=_internal group=tcpin_connections 
| stats latest(version) as version latest(arch) as arch latest(os) as os latest(fwdType) as fwdType by hostname
---
If this reply helps you, Karma would be appreciated.
Reply

raphabaroudi
Engager
‎08-19-2019 04:25 AM

I have on several of them, and the seemed to communicate properly. I am still going through the splunkd.log to see if anything stands out.

0 Karma
Reply

raphabaroudi
Engager
‎08-15-2019 05:42 AM

Thank you for the response. I have tried the method above and it indicates the same number of forwarders as the ones shown in the data summary.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-16-2019 05:36 AM

Then you have the correct number. The next step is to determine why the remaining forwarders are not connecting. You'll need to sign in to a server that is not reporting and examine the splunkd.log file.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...