Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Identifying forwarders from indexer

glenngermiathen
Path Finder
‎05-24-2013 01:08 PM

With almost no experience I recently was appointed as Splunk admin when the previous one quit. There is no documentation on how the system is set up so the first thing I am trying to do is get an idea of how everything works together. I am working with Ubuntu indexers and a windows search head. How can I tell which systems are forwarding to the indexers, and where is the config for archiving located on the indexer? Any other help is greatly appreciated too.

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎05-24-2013 02:27 PM

The easiest way for a novice to get a first glimpse into your forwarders is to take a look at the "All Forwarders" view in the Deployment Monitor app. If your installation does not already have it you can get it here: http://splunk-base.splunk.com/apps/67836/splunk-deployment-monitor / http://splunk-base.splunk.com/apps/22301/splunk-deployment-monitor-4x

Reply

glenngermiathen
Path Finder
‎05-28-2013 12:20 PM

Using the app now it is a big help.

0 Karma
Reply

kristian_kolb
Ultra Champion
‎05-24-2013 02:26 PM

You could install the Splunk Deployment Monitor app, unless you already have it installed. It will show you some metrics, and the general health of your forwarders.

Not a lot of time for knowledge transfer?

Reply

bmacias84
Champion
‎05-24-2013 01:21 PM

Every instance of Splunk can potentially be a forwarder and full instances can be search head, indexer, Forwarder, Deployment server, and licensing server. From the search head in manage look for who are its search peers which should tell you who are indexers. Indexer settings are located in index.conf but index.conf can be located in apps and under system.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...