Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I added a forwarder on the indexer using the CLI, but why am I getting "There are currently no forwarders configured as deployment clients to this instance"?

Federica_92
Communicator
‎07-07-2015 11:38 AM

Hi everyone,

I created a deployment server with 2 forwarders that are sending data to 2 indexers, and they have to be balanced.
I create my apps inside the deploy-server and the apps are correctly sending the data from the forwarders. I added the forwarder at the indexer using the cli, but when I want to select the forwarder using the GUI, I obtain this error: 

There are currently no forwarders configured as deployment clients to this instance

I don't really know what to do, because everything seems fine. I used this conf for the output:

[tcpout:my_LB_indexers]
server=10.10.10.1:9997,10.10.10.2:9996,10.10.10.3:9995

Please help me

0 Karma
Reply

MuS
Legend
‎07-07-2015 12:56 PM

Hi Federica_92,

you need to tell the universal forwarder to poll the deployment server like this:

$SPLUNK_HOME/bin/splunk set deploy-poll <host>:<port>

See Step 2 in the docs for more details http://docs.splunk.com/Documentation/Splunk/6.2.3/Forwarding/Deployanixdfmanually#Configuration_step...

Hope that helps ...

cheers, MuS

0 Karma
Reply

Federica_92
Communicator
‎07-07-2015 03:38 PM

I tried with both of them but still same problem : (

0 Karma
Reply

MuS
Legend
‎07-07-2015 03:44 PM

Check your indexer either with DMC or S.o.S app and see which queue is blocked for what reason.

0 Karma
Reply

Federica_92
Communicator
‎07-07-2015 02:43 PM

In the end was a so silly mistake! I just called the output -> outputs.
Now I have a new error:
Search peer index1 has the following message: Forwarding to indexer group default-autolb-group blocked for 5400 seconds.

0 Karma
Reply

MuS
Legend
‎07-07-2015 02:59 PM

looks like your load some historical data as well and maybe you're pushing too hard for the indexer 😉 either enable 

[thruput]
maxKBps = <integer>

in limits.conf of the UF to limit the amount of events sent or add in the inputs.conf to your monitor:

ignoreOlderThan = <nonnegative integer>[s|m|h|d]

to ignore historical data.

0 Karma
Reply

Federica_92
Communicator
‎07-07-2015 01:00 PM

I already did this : (

0 Karma
Reply

MuS
Legend
‎07-07-2015 01:08 PM

What is reported when you run on the UF:

 $SPLUNK_HOME/bin/splunk show deploy-poll

What is reported when you run on the Deployment-server:

 $SPLUNK_HOME/bin/splunk list deploy-clients

Can your UF connect to port 8098 of the Deployment-server?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...