Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing data in All Forwarders - Splunk Deployment App

bkaspar
Engager
‎03-21-2011 05:51 PM

We just updated to 4.2 on our splunk server, and I am in the midst of pushing the Universal Forwarder out to replace out light forwarders. The problem I have on one of your two installations is a lack of data in the Deployment Monitor. On one network the All forwarders list has all our clients, their version, all kind of handy stuff. On the other, nothing, totally empty. It seems like it's capturing the same data in the metric logs, it's just not getting indexed. Any idea on how to sort that out?

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎03-21-2011 07:22 PM

I believe but I'm not sure, that the Splunk Deployment Monitor app needs the forwarders to all be 4.2 forwarders. And if they are not, I suspect you'd see the 'total emptiness' that you're seeing. Just an idea.

0 Karma
Reply

jbsplunk
Splunk Employee
Splunk Employee
‎03-21-2011 06:24 PM

If the data is being captured in the metrics.log, it has been indexed, otherwise you wouldn't see it recorded. Since the data is in metrics.log, it is likely the data is coming in and being indexed in a way that you do not expect. Perhaps it is being timestamped improperly, or sent to an index that you aren't searching. I would try to do an all time, real time search looking for the data that your seeing in metrics.log to see what the events look like, and from there you should probably be able to figure out how to tackle the problem.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top