Getting Data In

Why is my forwarder missing from the list of forwarders?

Hekmel
Engager

I have installed universal forwarders on all of the servers I want to monitor with Splunk. If I go on the Splunk Server to "Settings" -> "Add Data" -> "Forward", I find all but one of the servers in that list. Let's call the server serverx.

If I go from the Splunk dashboard to "Search and Reporting" and search for that server that is missing in the forwarders list I find information on it. host=serverx

Is there some way that I can get serverx into the list of forwarders so I can define monitoring parameters for the hosts? Or is there another way of doing this altogether?


Hekmel
Engager

Thank you all for the suggestions. We ended up adding all the servers via the Linux shell to an application and then it worked, regardless if we still cannot select the host from the GUI for anything.

hardikJsheth
Motivator

Can you check if you have a deploymentclient.conf file on your UF? If this file is not present, that means the setup to the deployment server is missing and you can refer to the link provided by @garethatiag.

In case the file is present, check the port connectivity between the deployment server and the UF. The deployment server requires a bidirectional connection between the UF and the deployment server for the management port (mostly it's 8089).
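
The check described in the reply above, as an added example that is not part of the original thread: it finds deploymentclient.conf on the forwarder, reads targetUri from the [target-broker:deploymentServer] stanza and tests the TCP connection to that management port. The /opt/splunkforwarder default path and the function names are assumptions, and only the forwarder-to-server direction is tested.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes a Linux UF in /opt/splunkforwarder
# unless SPLUNK_HOME is set.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunkforwarder}"

# List every deploymentclient.conf under etc/ (system/local or an app).
find_dc_conf() {
    find "$1/etc" -type f -name deploymentclient.conf 2>/dev/null
}

# Print targetUri from the [target-broker:deploymentServer] stanza, if any.
get_target_uri() {
    awk '
        /^[ \t]*\[/ { in_stanza = ($0 ~ /^[ \t]*\[target-broker:deploymentServer\]/); next }
        in_stanza && /^[ \t]*targetUri[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }' "$1"
}

# Succeed if a TCP connection to host ($1) port ($2) opens within 5 seconds.
# /dev/tcp is a bash feature; values are passed as arguments, not interpolated.
port_open() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Report one status line per deploymentclient.conf found under $1.
check_forwarder() {
    confs="$(find_dc_conf "$1")"
    if [ -z "$confs" ]; then
        echo "MISSING no deploymentclient.conf under $1/etc"
        return 1
    fi
    echo "$confs" | while IFS= read -r conf; do
        uri="$(get_target_uri "$conf")"
        uri="${uri#*://}"                      # tolerate a scheme prefix
        if [ -z "$uri" ]; then
            echo "NO_TARGET $conf"
        elif port_open "${uri%:*}" "${uri##*:}"; then
            echo "OK $uri"
        else
            echo "UNREACHABLE $uri"
        fi
    done
}

# Usage on the forwarder: check_forwarder "$SPLUNK_HOME"
```

A MISSING or NO_TARGET line means the forwarder was never pointed at a deployment server; UNREACHABLE points at a firewall or routing problem on the management port.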

ddrillic
Ultra Champion

You can administer the forwarders from two services, the Forwarder management and the Monitoring Console.

gjanders
SplunkTrust

I'm not completely clear on the issue from your description, but it sounds like you might be having an issue with configuring a universal forwarder to talk to the deployment server?
If so, then the configure deployment clients documentation might help.
