Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

UF not in CMC

msatish
Explorer
a week ago


Newly installed Universal forwarders on windows servers are forwarding logs to Splunk Cloud but newly installed forwarders name is not coming up in forwarders list in Cloud Monitoring Console. What could be the reason?

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
yesterday

While rebuilding forwarder database might sometimes help if it becomes corrupted or contains too many orphaned entries, the question worth looking into is how your UFs are deployed and configured. Are you sure they aren't sharing the GUID and hostname?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
yesterday
The rebuild of forwarders assets should happen automatically with period what is defined into CMC -> Forwarders -> Forwarder Monitoring Setup: Data Collection Interval.
If that time has gone after you have add this UF and you can see those logs in _internal index and this continue I propose that you create a support ticket that they could figure out why this forwarder asset hasn't updated as expected.

Of course if time has elapsed less than that period you could update it manually or decrease that time and build it again. What is preferred time period for update is depending on your needs to get those UF into this list and how many UFs you have.
0 Karma
Reply

livehybrid
Super Champion
a week ago

Hi @msatish 

It looks like you need to "Rebuild Forwarder Assets". This can be done by going to Cloud Monitoring Console > Forwarders > Forwarder Monitoring Setup. and clicking on the "Rebuild Forwarder Assets" button.

I'd also recommend checking out the Review the Forwarder Monitoring Setup page docs which has more info about this and how to view/manage your forwarders via the CMC.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

kiran_panchavat
Influencer
a week ago

@msatish 

You need to rebuild the forwarder asset table in the CMC for it to update properly.

Go to CMC > Forwarders > Forwarder Monitoring Setup > Rebuild Forwarder Assets

kiran_panchavat_0-1746684249585.png

Refer the below docs: 

Use the Forwarder dashboards - Splunk Documentation

Solved: monitoring console triggered alerts - missing forw... - Splunk Community

Solved: Why is our universal forwarder not visible in the ... - Splunk Community

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...