Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

DMC and dual purpose Splunk server

pwilliams_splun
Splunk Employee
Splunk Employee
‎09-12-2017 08:08 AM

I have an indexer and universal forwarder on the same server. The reason for this is that the connection from the indexer to an upstream indexer loses connectivity due to the type of connection and, per the Splunk product team, the indexer will not only stop forwarding when the connection is lost, but also stop indexing. This has been confirmed with the product team as expected behavior per design.

The DMC is picking up the indexer and all other forwarders, but not the forwarder on the same instance as the indexer. The UF's internal logs are, of course, being ingested. Is DMC unable to see the instances individually? Is there any way to configure the UF or the DMC to see this invisible forwarder?

Tags (3)
0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎09-13-2017 02:26 AM

The monitoring console monitors any search peer, a search peer can be any Splunk enterprise instance.

A universal forwarder cannot be a search peer, however you can enable Forwarder Monitoring this will collect some data on the universal forwarders. Monitoring a universal forwarder through this console is not the same as monitoring an enterprise instance.

There are panels (under Forwarders in 6.5.2) of the monitoring console that relate to universal forwarders that you can use once you enable the forwarder monitoring...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Are you ready to uncover the threats hiding in plain sight? Join us for "Print, Leak, Repeat: UEBA Insider ...

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...