I've followed the steps here - https://docs.splunk.com/Documentation/SplunkCloud/8.1.2011/Admin/WindowsGDI
And have set up a deployment server and deployed the universal forwarder onto a Windows server to collect application/security logs. This server has checked in and I can see it got my 'outputs' and 'windows server' server classes installed.
On Splunk Cloud, I can find my deployment server, let's call it 'datacollector', and see it pushing data into the _internal index but that's it. I can't find my Windows server as a host and the only thing that is returned with the following search index=_internal host!= "*.splunkcloud.com" is my datacollector server.
Is that right? Should I be able to see my Windows server listed as a host too? I can't find any logs associated to the Windows server, only those from the DS.
I've checked and re-checked my steps from that guide and everything is as expected to my knowledge.
Thanks
Did you install the "Universal Forwarder" app from your Splunk Cloud search head on the forwarder?
OK, so on the link I posted, step 3a says to download the UF credentials but then nothing else is mentioned about those. So I've performed the installation links via the "Installation Instructions" link underneath the credentials download.
Restarted the deployment server and it works! All expected servers are now reporting.
@richgalloway Thanks for the advice as you helped me realise something so simple that I was missing. At the time, I thought I was following the instructions so precisely but they don't actually mention about installing the credentials after downloading them.
Did you install the "Universal Forwarder" app from your Splunk Cloud search head on the forwarder?
Yes, I did this in step 2. However, for some reason, I have a blank spot in my memory that doesn't recall installing the license. Going to check this now..