Since upgrading Splunk Enterprise to version 7.x (presently at 7.2.1), I often notice that the Monitoring Console shows multiple hosts, such as Indexers or Search Heads, as "Unknown" when viewing the Overview display. My Splunk console environment is in "Distributed" mode.
If I refresh the browser (using Firefox v.60.5), sometimes the console will provide the correct information, or partial information where some hosts are still at "Unknown". I verified the hosts are reachable, and some hosts, like Indexers and Search Heads, are above 80% CPU usage, but not all.
I have tried clicking "Apply Changes" in Settings, but I am still having this issue intermittently. Is there a setting in Splunk Web or a config file to manage the response time between the hosts and the Monitoring Console?
Thanks for the assistance.
I had the same issue in a Splunk Cluster Environment (Cluster Master as Monitor Console hosting) and I have fixed the issue by:
Settings ---> Monitoring Console ---> Settings ---> Apply Changes
As soon as you have clicked on "Apply Changes", Splunk will prompt you with the "Refresh" option; just click on Refresh and check whether your Splunk distributed instances still show the "Unknown" label.