Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

change indexer - point forwarder to another index server.

nurtdi
Path Finder
‎05-23-2011 02:16 PM

Hi,
I have one index server "A" and another one "B".
For a while I had few forwarders to send data to "A" (each forwarder data to specific index).
Now, I need to point one of the forwarders (let's call it "C") to "B".
I have added an index of "C" to "B" (same as on "A"), changed "C"'s outputs.conf to send data to "B", restarted both B and C...
I see connection from C to B, but no data is being sent.
To add some complexity - using SSL, so the data is encrypted and compressed.
I cannot find any traces of the problem in the logs, even in debug mode.
If you had been there - Your help is greatly appreciated!

Thank you, ildus

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

nurtdi
Path Finder
‎05-23-2011 09:01 PM

Well, it is embarrassing to admit... I had a small typo in inputs.conf

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nurtdi
Path Finder
‎05-23-2011 09:18 PM

thank you for your help! I still did not get it to work, but I know it is SSL Certs issue now. My typo was in inputs.conf on server B and I simply overlooked an error 'Can't read certificate file'...

0 Karma
Reply
Solved! Jump to solution
Solution

nurtdi
Path Finder
‎05-23-2011 09:01 PM

Well, it is embarrassing to admit... I had a small typo in inputs.conf

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎05-23-2011 08:45 PM

If you don't see anything in the logs - it may be worth verifying the new index is available as a 'selected index' for the admin role (via the Manager).

0 Karma
Reply
Solved! Jump to solution

nurtdi
Path Finder
‎05-23-2011 07:50 PM

The roles are not defined yet, all done under admin role.
I have generated the SSL certs and keys (really good answer on SSL setup is here: http://splunk-base.splunk.com/answers/7164/how-do-i-set-up-ssl-forwarding-with-new-self-signed-certi...), no errors connecting forwarder to index server (although I suspect the problem might be here somewhere).
thank you, ildus

0 Karma
Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎05-23-2011 06:10 PM

When you created index "C" to indexer "B" did you also update the roles so that they searched index "C" by default?

Are you using the Splunk default certs for SSL or custom?

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
Top