Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Indexer in cluster not receiving logs from devices external to environment

andyk1116
New Member
‎08-06-2019 11:46 AM

I was looking into an issue where one indexer in a cluster was not receiving logs from devices external to my environment. When using the logs to troubleshoot I found a field called "name". The value for this field is "cluster_name:indexer_ip:0" or "cluster_name:indexer_ip:1".

What does the 0 and 1 mean in this field value?

I have not been able to find anything in splunk answers or documentation explaining this.

Search where this field is shown:

index=_internal sourcetype=splunkd source=*metrics.log component=Metrics group=tcpout_connections

Thanks for the help!

0 Karma
Reply

nareshinsvu
Builder
‎08-06-2019 10:42 PM

something to do with your firewalls?

One observation in my environment is that date_hour = 0 for cluster_name:indexer_ip:1 . I don't think if this has something to do with data not reaching indexers.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...