Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing data in All Forwarders - Splunk Deployment App

bkaspar
Engager
‎03-21-2011 05:51 PM

We just updated to 4.2 on our splunk server, and I am in the midst of pushing the Universal Forwarder out to replace out light forwarders. The problem I have on one of your two installations is a lack of data in the Deployment Monitor. On one network the All forwarders list has all our clients, their version, all kind of handy stuff. On the other, nothing, totally empty. It seems like it's capturing the same data in the metric logs, it's just not getting indexed. Any idea on how to sort that out?

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎03-21-2011 07:22 PM

I believe but I'm not sure, that the Splunk Deployment Monitor app needs the forwarders to all be 4.2 forwarders. And if they are not, I suspect you'd see the 'total emptiness' that you're seeing. Just an idea.

0 Karma
Reply

jbsplunk
Splunk Employee
Splunk Employee
‎03-21-2011 06:24 PM

If the data is being captured in the metrics.log, it has been indexed, otherwise you wouldn't see it recorded. Since the data is in metrics.log, it is likely the data is coming in and being indexed in a way that you do not expect. Perhaps it is being timestamped improperly, or sent to an index that you aren't searching. I would try to do an all time, real time search looking for the data that your seeing in metrics.log to see what the events look like, and from there you should probably be able to figure out how to tackle the problem.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...