Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing data in All Forwarders - Splunk Deployment App

bkaspar
Engager
‎03-21-2011 05:51 PM

We just updated to 4.2 on our splunk server, and I am in the midst of pushing the Universal Forwarder out to replace out light forwarders. The problem I have on one of your two installations is a lack of data in the Deployment Monitor. On one network the All forwarders list has all our clients, their version, all kind of handy stuff. On the other, nothing, totally empty. It seems like it's capturing the same data in the metric logs, it's just not getting indexed. Any idea on how to sort that out?

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎03-21-2011 07:22 PM

I believe but I'm not sure, that the Splunk Deployment Monitor app needs the forwarders to all be 4.2 forwarders. And if they are not, I suspect you'd see the 'total emptiness' that you're seeing. Just an idea.

0 Karma
Reply

jbsplunk
Splunk Employee
Splunk Employee
‎03-21-2011 06:24 PM

If the data is being captured in the metrics.log, it has been indexed, otherwise you wouldn't see it recorded. Since the data is in metrics.log, it is likely the data is coming in and being indexed in a way that you do not expect. Perhaps it is being timestamped improperly, or sent to an index that you aren't searching. I would try to do an all time, real time search looking for the data that your seeing in metrics.log to see what the events look like, and from there you should probably be able to figure out how to tackle the problem.

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...