Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

change indexer - point forwarder to another index server.

nurtdi
Path Finder
‎05-23-2011 02:16 PM

Hi,
I have one index server "A" and another one "B".
For a while I had few forwarders to send data to "A" (each forwarder data to specific index).
Now, I need to point one of the forwarders (let's call it "C") to "B".
I have added an index of "C" to "B" (same as on "A"), changed "C"'s outputs.conf to send data to "B", restarted both B and C...
I see connection from C to B, but no data is being sent.
To add some complexity - using SSL, so the data is encrypted and compressed.
I cannot find any traces of the problem in the logs, even in debug mode.
If you had been there - Your help is greatly appreciated!

Thank you, ildus

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

nurtdi
Path Finder
‎05-23-2011 09:01 PM

Well, it is embarrassing to admit... I had a small typo in inputs.conf

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nurtdi
Path Finder
‎05-23-2011 09:18 PM

thank you for your help! I still did not get it to work, but I know it is SSL Certs issue now. My typo was in inputs.conf on server B and I simply overlooked an error 'Can't read certificate file'...

0 Karma
Reply
Solved! Jump to solution
Solution

nurtdi
Path Finder
‎05-23-2011 09:01 PM

Well, it is embarrassing to admit... I had a small typo in inputs.conf

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎05-23-2011 08:45 PM

If you don't see anything in the logs - it may be worth verifying the new index is available as a 'selected index' for the admin role (via the Manager).

0 Karma
Reply
Solved! Jump to solution

nurtdi
Path Finder
‎05-23-2011 07:50 PM

The roles are not defined yet, all done under admin role.
I have generated the SSL certs and keys (really good answer on SSL setup is here: http://splunk-base.splunk.com/answers/7164/how-do-i-set-up-ssl-forwarding-with-new-self-signed-certi...), no errors connecting forwarder to index server (although I suspect the problem might be here somewhere).
thank you, ildus

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎05-23-2011 06:10 PM

When you created index "C" to indexer "B" did you also update the roles so that they searched index "C" by default?

Are you using the Splunk default certs for SSL or custom?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...