Hi Splunk community,
I am currently having an issue with deploying apps to universal forwards. On the deployment server side, I have the hosts set up in the whitelist for specific server classes and on the UF side, I have a deployment client on the hosts plus they are phoning home into the DS.
We are not receiving logs from these UFs because the app that contains the input.conf for these servers is not getting pushed to the UFs.
Is there a way to force the app to get pushed / am I missing a configuration that is causing this to happen? This has been a recurring problem because the app sporadically gets removed from these servers.
Thanks in advance!
Hi
you should try to find why your DC is not loading / enabling package from your DS. You could try to find the reason from internal logs with queries
index=_internal component=DS* host=<your DS>
index=_internal component=DC* host=<your UF/HF>
index=_internal component=Deploy* host=<your UF/HF>
Those messages should told to you what there is happening.
r. Ismo