Getting Data In

Running a single instance of Splunk, but why does Health Check in the Monitoring Console warn of non-indexer instances that are not sending logs to the indexer?

gregbo
Communicator

I have a single instance Splunk Enterprise setup. When I run the Health Check in the Monitoring Console, it gives me a warning that some of my non-indexer instances are not sending logs to the indexer. Since it's a single instance there are no non-indexer instances. I'm wondering if this check might only apply to multiple-instance environments?

I checked my data inputs and it's monitoring the local logs, so data is coming in to _internal and _introspection

marina_rovira
Contributor

Hi all,
I have the same thing and I've already followed all the recomendations here.

Anything else that I cna try?
I would like to have all the checks in green 🙂

Thank you,

0 Karma

lycollicott
Motivator

I would try this:

  1. Go to Settings > Distributed Search and make sure that you have no search peers set up at all. (Note that a development license does not include this feature and will mean that there are no search peers configured.)
  2. Go to Monitoring Console > Settings > General Setup where it should look something like this: alt text
  3. Click Apply Changes. You must do this even if you have made no changes on this screen. (It is not very intuitive.)
  4. Try the Health Check again.
0 Karma

gregbo
Communicator

i checked and Distributed search is set to No, and there are no peers.
When I went to General Setup, it's set to standalone. the only difference i see is that under Instance (servername) you picture shows "N/A" but on my server the server name is there (same value as under instance (host)

0 Karma

lycollicott
Motivator

When you drill down into the "non-indexer instances are not sending logs to the indexer" results what does it say are the instances?

0 Karma

gregbo
Communicator

It only lists one instance, itself.

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi Gregbo,

If your Splunk deployment is single-instance, in Monitoring Console, please click Settings > General Setup from your menu and make sure your Monitoring Console is running inn Standalone, rather than Distributed mode. If the Monitoring Console is running in a mode that does not match your actual topology, you may get inaccurate information from it.

For details, please refer to documentation:
http://docs.splunk.com/Documentation/Splunk/6.5.1/DMC/Configureinstandalonemode
http://docs.splunk.com/Documentation/Splunk/6.5.1/DMC/Singleinstancesetup

Hope this helps. Thanks!
Hunter

0 Karma

gregbo
Communicator

It's set to standalone.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...