I have a single instance Splunk Enterprise setup. When I run the Health Check in the Monitoring Console, it gives me a warning that some of my non-indexer instances are not sending logs to the indexer. Since it's a single instance there are no non-indexer instances. I'm wondering if this check might only apply to multiple-instance environments?
I checked my data inputs and it's monitoring the local logs, so data is coming in to _internal and _introspection
If your Splunk deployment is single-instance, in Monitoring Console, please click Settings > General Setup from your menu and make sure your Monitoring Console is running inn Standalone, rather than Distributed mode. If the Monitoring Console is running in a mode that does not match your actual topology, you may get inaccurate information from it.
For details, please refer to documentation:
Hope this helps. Thanks!
It's set to standalone.
I would try this:
i checked and Distributed search is set to No, and there are no peers.
When I went to General Setup, it's set to standalone. the only difference i see is that under Instance (servername) you picture shows "N/A" but on my server the server name is there (same value as under instance (host)
When you drill down into the "non-indexer instances are not sending logs to the indexer" results what does it say are the instances?
It only lists one instance, itself.
I have the same thing and I've already followed all the recomendations here.
Anything else that I cna try?
I would like to have all the checks in green 🙂