Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enterprise is receiving data from forwarder but when i use run a search i can not find the host ?

CJROCK21
New Member
‎05-04-2017 08:55 PM

alt text
alt text

Tags (1)
Preview file
59 KB
Preview file
72 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎05-05-2017 08:32 AM

It is likely the data is in an index not searched by default. Try this search instead:

index=* host=DESKTOP-<what_ever_that_is>

Let us know if that works!

Happy Splunking,
Rich

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Richfez
SplunkTrust
SplunkTrust
‎05-05-2017 08:32 AM

It is likely the data is in an index not searched by default. Try this search instead:

index=* host=DESKTOP-<what_ever_that_is>

Let us know if that works!

Happy Splunking,
Rich

0 Karma
Reply
Solved! Jump to solution

CJROCK21
New Member
‎05-05-2017 07:31 AM

I have a forwarder installed on ubuntu vm and i am forwarding data to my splunk running on Windows 10.

When i goto setting-> monitoring ->instance-forwarder i can see that there is 1 connection and i am receiving data from ubuntu instance

But what i click run a search and query throught it for available hosts it does not show ubuntu under host list.

I have posted snapshot for both received data and host list above

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎05-05-2017 07:23 AM

Can you please elaborate on the question?

0 Karma
Reply
Solved! Jump to solution

CJROCK21
New Member
‎05-05-2017 07:41 AM

I am receiving data in my splunk enterprise from universal forwarder installed on ubuntu vm and i can see that under ...

Monitoring console -> forwarder: instances

It shows me instance ... ubuntu and data rate and all graphs . (Refer snapshot 1 above)

but when i click run a search and check available host to query through list does not contains ubuntu as a host which it should have (snapshot 2)

plz help me on how to get that data and query on it.

0 Karma
Reply
Solved! Jump to solution

klaxdal
Contributor
‎05-05-2017 07:49 AM

try searching for index=main (or what ever index you have established to forward events to ) host="host_name"

so from what I am seeing in the screen shots

index=main host=ubuntu

that should do it - if not use a wildcard on the index= ( index=*) to troubleshoot

0 Karma
Reply
Solved! Jump to solution

klaxdal
Contributor
‎05-05-2017 06:58 AM

What is your search parameter ?

0 Karma
Reply
Solved! Jump to solution

CJROCK21
New Member
‎05-05-2017 07:42 AM

I am receiving data in my splunk enterprise from universal forwarder installed on ubuntu vm and i can see that under ...

Monitoring console -> forwarder: instances

It shows me instance ... ubuntu and data rate and all graphs . (Refer snapshot 1 above)

but when i click run a search and check available host to query through list does not contains ubuntu as a host which it should have (snapshot 2)

plz help me on how to get that data and query on it.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...