Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

change indexer - point forwarder to another index server.

nurtdi
Path Finder
‎05-23-2011 02:16 PM

Hi,
I have one index server "A" and another one "B".
For a while I had few forwarders to send data to "A" (each forwarder data to specific index).
Now, I need to point one of the forwarders (let's call it "C") to "B".
I have added an index of "C" to "B" (same as on "A"), changed "C"'s outputs.conf to send data to "B", restarted both B and C...
I see connection from C to B, but no data is being sent.
To add some complexity - using SSL, so the data is encrypted and compressed.
I cannot find any traces of the problem in the logs, even in debug mode.
If you had been there - Your help is greatly appreciated!

Thank you, ildus

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

nurtdi
Path Finder
‎05-23-2011 09:01 PM

Well, it is embarrassing to admit... I had a small typo in inputs.conf

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nurtdi
Path Finder
‎05-23-2011 09:18 PM

thank you for your help! I still did not get it to work, but I know it is SSL Certs issue now. My typo was in inputs.conf on server B and I simply overlooked an error 'Can't read certificate file'...

0 Karma
Reply
Solved! Jump to solution
Solution

nurtdi
Path Finder
‎05-23-2011 09:01 PM

Well, it is embarrassing to admit... I had a small typo in inputs.conf

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎05-23-2011 08:45 PM

If you don't see anything in the logs - it may be worth verifying the new index is available as a 'selected index' for the admin role (via the Manager).

0 Karma
Reply
Solved! Jump to solution

nurtdi
Path Finder
‎05-23-2011 07:50 PM

The roles are not defined yet, all done under admin role.
I have generated the SSL certs and keys (really good answer on SSL setup is here: http://splunk-base.splunk.com/answers/7164/how-do-i-set-up-ssl-forwarding-with-new-self-signed-certi...), no errors connecting forwarder to index server (although I suspect the problem might be here somewhere).
thank you, ildus

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎05-23-2011 06:10 PM

When you created index "C" to indexer "B" did you also update the roles so that they searched index "C" by default?

Are you using the Splunk default certs for SSL or custom?

0 Karma
Reply
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...
Top