Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cannot see host on the Splunk server

triptrops
Explorer
‎09-14-2011 07:03 PM

I need help on my Splunk server. I cannot see the host the splunk server.
here is what my setup went:

1) install full splunk on server1. Installed *nix app and verified that it is collecting data.

2) install full splunk on server2. Installed *nix app and verified that it is collecting data.

3) configure receiving on splunk server1 to port 9997.

4) Enabled forwarding on server2.

cd /opt/splunk/bin

./splunk start

./splunk enable app SplunkLightForwarder

./splunk restart

./splunk add forward-server :9997

./splunk restart

5) Opened splunk server1 web but did not see server2.

Please advise, I appreciate your help ,thank you.

Tags (1)
0 Karma
Reply

sdwilkerson
Contributor
‎09-14-2011 07:20 PM

Triptrops,

In your step above: "./splunk add forward-server :9997", what is the name/address of the receiving host (i.e. server1) that server2 should use? Note: That IP should go before the :9997.

When you run $SPLUNK_HOME/bin/splunk help add, you will see this example in the output:
./splunk add forward-server bologna:9997

In this case, the system bologna is the receiving host.

Set this correctly, and it will probably work.

Also, as a side note, if you are going to use the SplunkLightForwarder, you will probably be better off using the Splunk Universal Forwarder (a different installation package).

Sean

0 Karma
Reply

triptrops
Explorer
‎09-14-2011 11:41 PM

I enabled the Splunk Universal Forwarder but still the splunk server cannot see it. Am I missing some steps?

0 Karma
Reply

triptrops
Explorer
‎09-14-2011 07:30 PM

Thanks Sean for your immediate response. Actually it was a typographical error.

I did execute this line as:

./splunk add forward-server server1.domain.com:9997

I still cannot see the host.

By the way, what is the difference between the light and the universal forwarder.

Thanks

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...