Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Running a single instance of Splunk, but why does Health Check in the Monitoring Console warn of non-indexer instances that are not sending logs to the indexer?

gregbo
Communicator
‎01-19-2017 03:40 AM

I have a single instance Splunk Enterprise setup. When I run the Health Check in the Monitoring Console, it gives me a warning that some of my non-indexer instances are not sending logs to the indexer. Since it's a single instance there are no non-indexer instances. I'm wondering if this check might only apply to multiple-instance environments?

I checked my data inputs and it's monitoring the local logs, so data is coming in to _internal and _introspection

Reply

marina_rovira
Contributor
‎02-22-2017 12:39 AM

Hi all,
I have the same thing and I've already followed all the recomendations here.

Anything else that I cna try?
I would like to have all the checks in green 🙂

Thank you,

0 Karma
Reply

lycollicott
Motivator
‎01-20-2017 07:31 AM

I would try this:

  1. Go to Settings > Distributed Search and make sure that you have no search peers set up at all. (Note that a development license does not include this feature and will mean that there are no search peers configured.)
  2. Go to Monitoring Console > Settings > General Setup where it should look something like this: alt text
  3. Click Apply Changes. You must do this even if you have made no changes on this screen. (It is not very intuitive.)
  4. Try the Health Check again.
Preview file
1 KB
0 Karma
Reply

gregbo
Communicator
‎01-20-2017 07:39 AM

i checked and Distributed search is set to No, and there are no peers.
When I went to General Setup, it's set to standalone. the only difference i see is that under Instance (servername) you picture shows "N/A" but on my server the server name is there (same value as under instance (host)

0 Karma
Reply

lycollicott
Motivator
‎01-20-2017 07:43 AM

When you drill down into the "non-indexer instances are not sending logs to the indexer" results what does it say are the instances?

0 Karma
Reply

gregbo
Communicator
‎01-20-2017 08:03 AM

It only lists one instance, itself.

0 Karma
Reply

hunters_splunk
Splunk Employee
Splunk Employee
‎01-19-2017 07:39 AM

Hi Gregbo,

If your Splunk deployment is single-instance, in Monitoring Console, please click Settings > General Setup from your menu and make sure your Monitoring Console is running inn Standalone, rather than Distributed mode. If the Monitoring Console is running in a mode that does not match your actual topology, you may get inaccurate information from it.

For details, please refer to documentation:
http://docs.splunk.com/Documentation/Splunk/6.5.1/DMC/Configureinstandalonemode
http://docs.splunk.com/Documentation/Splunk/6.5.1/DMC/Singleinstancesetup

Hope this helps. Thanks!
Hunter

0 Karma
Reply

gregbo
Communicator
‎01-19-2017 08:17 AM

It's set to standalone.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...