Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing data in All Forwarders - Splunk Deployment App

bkaspar
Engager
‎03-21-2011 05:51 PM

We just updated to 4.2 on our splunk server, and I am in the midst of pushing the Universal Forwarder out to replace out light forwarders. The problem I have on one of your two installations is a lack of data in the Deployment Monitor. On one network the All forwarders list has all our clients, their version, all kind of handy stuff. On the other, nothing, totally empty. It seems like it's capturing the same data in the metric logs, it's just not getting indexed. Any idea on how to sort that out?

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎03-21-2011 07:22 PM

I believe but I'm not sure, that the Splunk Deployment Monitor app needs the forwarders to all be 4.2 forwarders. And if they are not, I suspect you'd see the 'total emptiness' that you're seeing. Just an idea.

0 Karma
Reply

jbsplunk
Splunk Employee
Splunk Employee
‎03-21-2011 06:24 PM

If the data is being captured in the metrics.log, it has been indexed, otherwise you wouldn't see it recorded. Since the data is in metrics.log, it is likely the data is coming in and being indexed in a way that you do not expect. Perhaps it is being timestamped improperly, or sent to an index that you aren't searching. I would try to do an all time, real time search looking for the data that your seeing in metrics.log to see what the events look like, and from there you should probably be able to figure out how to tackle the problem.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Welcome back to Splunk Classroom Chronicles, our ongoing blog series that pulls back the curtain on Splunk ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...
Top