Installation

Issues with "missing" forwarder version after upgrade from universal forwarder 6.3.0 to 6.4.0?

ralphw_SAIC
Path Finder

i have upgraded all of our universal forwarders from 6.3.0 to 6.4.0 and roughly a third is showing as "missing" when looking at the forwarder version in the distributed management console. Is there any way to clean this up? I also notice a lot of servers that we have decommissioned showing up even after the log retention period of 90 days.

Labels (1)
1 Solution

ralphw_SAIC
Path Finder

Found how to clean up the database. It is under Settings > Monitoring Console > Settings > Forwarder Monitoring Setup > Rebuild forwarder assets.

View solution in original post

0 Karma

ralphw_SAIC
Path Finder

Found how to clean up the database. It is under Settings > Monitoring Console > Settings > Forwarder Monitoring Setup > Rebuild forwarder assets.

0 Karma

ddrillic
Ultra Champion

Have you updated the serverclass.conf on the deployment server? After all, that's the only place where we map the forwarder's host to the deployment app.

Deployment server architecture

0 Karma

ralphw_SAIC
Path Finder

No, no updates have been made to serverclass.conf. For the most part this is a stock install of Splunk with only the config files necessary to run changed(i.e. inputs, outputs, and the like). I have double checked the file and there is no specific server listed. It is a generic setup based on IP subnets and machine type. So I do not understand why with the upgrade i have ghosts hanging around showing up as missing.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...