Monitoring Splunk

Wrong instance name after migrating to a new server

Explorer

Hi,

Some month of we moved our Splunk Instance to a new server. The old server was named HQCHMOSS* and the new one is HQCHSPLUNK*. Everything is working fine, but some dashboard such the "Indexing Performance: Instance" in the "Distributed Management Console", the instance list is still displaying the old server name instead of the new one. Therfore the reports shows nothing.

It seems the old server is quite sealed somewhere but where ?

Any ideas?

Thanks,

David

New Member

Thankyou everyone that's posted a response here, you gave me various options and areas to check that I'd renamed my server correctly. However I still had no license usage reports as the license master was still finding the old servername somewhere.

The final piece for me was finding the entries in the assets.csv file which corrected the license master name in the Monitoring Console dash/reports....

0 Karma

Path Finder

Hi,
try my Workaround, thats worked for me very well.

doublecheck the instanzename in $SPLUNKHOME/etc/system/local/server.conf (same as Hostname)
then click on >SETTINGS>MONITORING
CONSOLE
MONITORINGCONSOLE is showing
---click SETTINGS >GENERAL
Setup
---THIS instance
Instance (host) = hostname value, etc
on the top, press "apply changes" verify "YES" (maybe etdit roles temporärly) IMPORTANT press REFRESH
doublecheck Overwie on MC
DONE!

Engager

I was having trouble with this too. In my home lab I decided to modify the default hostname under the Index settings (Server settings » General settings) and my monitoring console was still showing the old hostname when I was trying to check my index usage under "Indexes and Volumes: Instance" no matter how many times I applied the change.

I was curious If I could locate this string within the file system so I grep for the string "splunk-3" (my old instance name):

grep -rnw "/opt/splunk/" -e "splunk-3"

This returned a few notable entries:

51,3463,completed,"0.715357022","1514786400.000000000","1514874115.000000000",,"1514786400.000000000","1514874115.000000000",,,,,,,,,,,,,,,,,
/opt/splunk/etc/apps/splunkmonitoringconsole/lookups/assets.csv:2:localhost,"splunk-3","splunk-3","splunk-3","dmcgroupindexer",,,,,
/opt/splunk/etc/apps/splunkmonitoringconsole/lookups/assets.csv:3:localhost,"splunk-3","splunk-3","splunk-3","dmcgroupkvstore",,,,,
/opt/splunk/etc/apps/splunk
monitoringconsole/lookups/assets.csv:4:localhost,"splunk-3","splunk-3","splunk-3","dmcgrouplicensemaster",,,,,
/opt/splunk/etc/apps/splunkmonitoringconsole/lookups/assets.csv:5:localhost,"splunk-3","splunk-3","splunk-3","dmcgroupsearch_head",,,,,

Decided to replace "splunk-3" with my new hostname "

nano /opt/splunk/etc/apps/splunkmonitoringconsole/lookups/assets.csv

peerURI,serverName,host,machine,"searchgroup","mvpeerURI","mv_serverName","mvhost","mvmachine","_mvsearchgroup"
localhost,"splunk-index1","splunk-index1","splunk-index1","dmc
groupindexer",,,,,
localhost,"splunk-index1","splunk-index1","splunk-index1","dmc
groupkvstore",,,,,
localhost,"splunk-index1","splunk-index1","splunk-index1","dmcgrouplicensemaster",,,,,
localhost,"splunk-index1","splunk-index1","splunk-index1","dmc
groupsearchhead",,,,,

Returned to the monitoring console and refreshed the page, monitoring console is working as intended. Keep in mind I am using a trial license in my home lab and don't suggest doing this in a prod environment without proper testing... Finished by restarting Splunk and verifying still getting data in and indexing properly.

0 Karma

Path Finder

hi,
i got the same Issue. for me works following workaround.
doublecheck the instanzename in $SPLUNKHOME/etc/system/local/server.conf (same as Hostname)
then click on >SETTINGS>MONITORING
CONSOLE
MONITORINGCONSOLE is showing
---click SETTINGS >GENERAL
Setup
---THIS instance
Instance (host) = hostname value, etc
on the top, press "apply changes" verify "YES" (maybe etdit roles temporärly) IMPORTANT press REFRESH
doublecheck Overwie on MC
DONE!

Path Finder

After making changes and letting them persist for awhile I restarted the DMC - this did not change the instance name to the configured new instance name even after a restart of the DMC. I then applied all changes - and that did the trick!

Apply Changes on DMC -> Settings -> General Setup

0 Karma

Engager

I was able to get my DMC working correctly by using the Reset All Settings button in the DMC > Settings > General Settings menu. This did reset everything else in DMC but it's working properly now.

0 Karma

Path Finder

I downvoted this post because there needs to be a better way to accomplish this. for a small/new environment this is fine but when you have 50+ devices this isn't a viable solution.

0 Karma

Explorer

Thank you Sheron.,

I just used your commandline and the "serverName" configured in the server.conf, is set to the new server name.

In fact, everything indexed by this machine is correctly stamped with host=[CORRRECTSERVERNAME] . I am facing only a issue with the Distributed Management Console which is listing the instances with the incorrect/previous naming.

Best regards,

David Campillo

0 Karma

Splunk Employee
Splunk Employee

In the gui, look at Settings > Server settings > General Settings and make sure the Splunk Server Name and the Default Host Name are correct.

if you have command line access, you can try using btool and locate the old server name:

$SPLUNK_HOME/bin/splunk btool server list --debug

0 Karma