I contacted splunk support with the issue and they gave me the following which has worked for me:

We have a workaround for this until it's fixed properly in the code.

If you could, modify $SPLUNK_HOME/etc/apps/splunk_deployment_monitor/default/macros.conf and change this:

[forwarder_metrics]
definition = index="_internal" source="metrics.lo" group=tcpin_connections | eval sourceHost=if(isnull(hostname), sourceHost,hostname) | eval connectionType=case(fwdType=="uf","universal forwarder", fwdType=="lwf", "lightweight forwarder",fwdType=="full", "heavy forwarder", connectionType=="cooked" or connectionType=="cookedSSL","Splunk forwarder", connectionType=="raw" or connectionType=="rawSSL","legacy forwarder")| eval build=if(isnull(build),"n/a",build) | eval version=if(isnull(version),"pre 4.2",version) | eval guid=if(isnull(guid),sourceHost,guid) | eval os=if(isnull(os),"n/a",os)| eval arch=if(isnull(arch),"n/a",arch) | fields connectionType sourceIp sourceHost sourcePort destPort kb tcp_eps tcp_Kprocessed tcp_KBps splunk_server build version os arch guid

To this:
[forwarder_metrics]
definition = index="_internal" source="metrics.lo" group=tcpin_connections NOT eventType=* | eval sourceHost=if(isnull(hostname), sourceHost,hostname) | eval connectionType=case(fwdType=="uf","universal forwarder", fwdType=="lwf", "lightweight forwarder",fwdType=="full", "heavy forwarder", connectionType=="cooked" or connectionType=="cookedSSL","Splunk forwarder", connectionType=="raw" or connectionType=="rawSSL","legacy forwarder")| eval build=if(isnull(build),"n/a",build) | eval version=if(isnull(version),"pre 4.2",version) | eval guid=if(isnull(guid),sourceHost,guid) | eval os=if(isnull(os),"n/a",os)| eval arch=if(isnull(arch),"n/a",arch) | fields connectionType sourceIp sourceHost sourcePort destPort kb tcp_eps tcp_Kprocessed tcp_KBps splunk_server build version os arch guid

Having the same issue... Upgraded from 6.1.4 to 6.2 and when I view "All Forwarders" in the Deployment Monitor app, I have every forwarder showing missing (listed as the forwarders' IP, pre 4.2, etc.) as well as active using DNS name (not FQDN).

Looked at the answer here and it doesn't really make much sense to me.

Nick

I have the same issue but on a windows platform.

If I look in the deployment monitor and do a search for one affected server name and also the ip address I can see it looks like it make two connections both at the same time (as displayed by the lastconnected field). The source port is different for each listing, if I do a capture on the machine I can only see evidence of a single connection.

I checked our splunk server in our test environment (running 6.1.4) and splunkd creates a second connection to the splunk server on another port, but an extra forwarder is not being created. I am going to compare all of the config files between the two and see what is different between 6.1.4 and 6.2.

You can / should check $SPLUNK_HOME/etc/system/local/server.conf, $SPLUNK_HOME/etc/system/local/inputs.conf, $SPLUNK_HOME/etc/system/local/deploymentclient.conf to see that they contain the "hostname" you like, either short or fqdn .

Sometimes when installing Splunkforwarder it does not set or change the $HOSTNAME-WHATEVEVER_STUFF_COMES-HERE$ in server.conf

They are all linux boxes, some opensuse, some centos. Also noticed that when I monitor the open ports (lsof -i); splunkd will be connected to the server on one port and every so often it will connect on a second port for about a second.

Is this different for all platforms? What platforms do you have for forwarders?