Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

The deployment server did not find any clients

yin_guan
Explorer
‎12-30-2024 02:22 AM

Hello evereone

I encountered an issue, as shown in the image. I can see two machines in the MC's forwarder dashboard, but I don't see any machines in my forwarder management. 

I have added the following configuration to DS, but it still doesn't work after restarting

[indexAndForward]
index = true
selectiveIndexing = true

The deployment server and UF are both version 9.3.

What aspects should I check?

 

yin_guan_0-1735553921738.png

yin_guan_1-1735553940158.pngyin_guan_2-1735553985513.png

yin_guan_3-1735554008511.png

 

 

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-30-2024 02:41 AM

Hi @yin_guan ,

at first, you don't need to locally index anything on the DS, so you can have :

[indexAndForward]
index = false

Then, did you checked if firewall route between UF and DS is open for the Management Port 8089 used by the DS ?

You can check it from the UF using telnet:

telnet 192.168.90.237 8089

Then, on the UF, I suppose that you configured outputs.conf in $SPLUNK_HOME/etc/system/local, is it true?

it's a best practice do not configure outputs.conf in $SPLUNK_HOME/etc/system/local, but in a dedicated add-on deployed using the DS.

At least, two or three minutes are required for the connection to the DS.

Ciao.

Giuseppe

0 Karma
Reply

yin_guan
Explorer
‎12-30-2024 06:36 PM

I found the problem, I needed to add the following to the inputs.conf file of UF, I don't know if this is a problem after the update or if it was also needed before, obviously when I typed it they showed

[default]
host = 192.168.90.233

 

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-30-2024 11:18 PM
This is interesting! There should be $decideOnStartup$ (or something similar) as default, which gives you the current hostname when node / UF service has started.
Is this multi interface node or any issues with hostname or is there any inputs which set host name / ip?
0 Karma
Reply

yin_guan
Explorer
‎12-30-2024 11:52 PM

I'm not sure what caused it. Normally, it shouldn't be caused by the inputs.cof file. The previous MC/DS was a distributed indexer cluster management node, and after the restart, it became a single deployment server.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-31-2024 12:31 AM
Wait a minute, are we talking about server side not UF side? And you have several server roles in one splunk instance? If then you must read this https://docs.splunk.com/Documentation/Splunk/latest/Deploy/Manageyourdeployment and follow those restrictions what it has!
0 Karma
Reply

yin_guan
Explorer
‎12-31-2024 02:06 AM

It may be because my DS and CM are installed together. I need to test it further.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-31-2024 02:20 AM
Based on that document DS + CM is not allowed (supported) combination in one server instance.
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-30-2024 05:10 AM

This has changed on 9.2 see https://docs.splunk.com/Documentation/Splunk/9.2.0/Updating/Upgradepre-9.2deploymentservers

If you have distributed environment where DS is not your only indexer you must follow above instructions.

Do you have look from internal logs (_internal and those _ds*) if there are any hints why those are not seen on DS's screens?

0 Karma
Reply
Get Updates on the Splunk Community!

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Community Feedback

We Want to Hear from You! Share Your Feedback on the Splunk Community   The Splunk Community is built for you ...

Manual Instrumentation with Splunk Observability Cloud: Implementing the ...

In our observability journey so far, we've built comprehensive instrumentation for our Worms in Space ...