Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

DMC and dual purpose Splunk server

pwilliams_splun
Splunk Employee
Splunk Employee
‎09-12-2017 08:08 AM

I have an indexer and universal forwarder on the same server. The reason for this is that the connection from the indexer to an upstream indexer loses connectivity due to the type of connection and, per the Splunk product team, the indexer will not only stop forwarding when the connection is lost, but also stop indexing. This has been confirmed with the product team as expected behavior per design.

The DMC is picking up the indexer and all other forwarders, but not the forwarder on the same instance as the indexer. The UF's internal logs are, of course, being ingested. Is DMC unable to see the instances individually? Is there any way to configure the UF or the DMC to see this invisible forwarder?

Tags (3)
0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎09-13-2017 02:26 AM

The monitoring console monitors any search peer, a search peer can be any Splunk enterprise instance.

A universal forwarder cannot be a search peer, however you can enable Forwarder Monitoring this will collect some data on the universal forwarders. Monitoring a universal forwarder through this console is not the same as monitoring an enterprise instance.

There are panels (under Forwarders in 6.5.2) of the monitoring console that relate to universal forwarders that you can use once you enable the forwarder monitoring...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...