Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are all the hosts not showing in Splunk after the new App deployment?

davidcraven02
Communicator
‎04-16-2018 10:35 AM

I have created and deployed a new app for DFS Replication called "NAS_DFS" which consists of pulling a csv file from each server
D:\data\splunk\dfs_replication\dfs_replication.csv

This app contains 163 clients in the server class (in the right screenshot) but when searching only 18 hosts are returning (left screenshot).

I'm not sure why only 18 hosts are showing.

inputs.conf

[monitor://D:\data\splunk\dfs_replication\dfs_replication.csv]
index=ad
interval=60
source=otl_dfs
sourcetype=csv
disabled=0
crcSalt=<SOURCE>

app.conf

[install]
state = enabled

alt text

Preview file
1 KB
0 Karma
Reply

deepashri_123
Motivator
‎04-17-2018 02:54 AM

Hey@davidcraven02,

You need to check the following points:
1. Was the app being pushed on the hosts from which data is not coming?ie, the app having inputs.conf.
2. Check if any error are coming in index=_internal for that particular host if not sending data.
3. Check if the followtail logs are coming in _internal for those particular host.
4. If all these conditions are satisfied then your problem has to be crc_salt , Removing crc_salt should solve this but might also re-index the data which is already indexed.
5. Also you can check initCrcLength for the issue.

Refer this link:
http://docs.splunk.com/Documentation/Splunk/7.0.2/Data/Howlogfilerotationishandled

Let me know if this helps!!

0 Karma
Reply

damien_chillet
Builder
‎04-17-2018 02:21 AM

Hi David,
Is there a timestamp in the CSV fields?
Could you try run the search on all time see if you get different results?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...