Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

what is connection between forwarder and DS

Reethika
Path Finder
‎06-22-2020 01:52 AM

We noticed that a host "1234"  is not longer connecting with the DS. 

What does this mean? 

What would be the impact?

How do we troubleshoot this?

 Thanks.

 

 

Labels (2)
Tags (1)
0 Karma
Reply

anilchaithu
Builder
‎06-22-2020 03:35 PM

@Reethika 

If its not communicating, you can no longer deploy apps to the client. 

1) Does the client sending data to splunk indexer?

index=_internal host="client"

2) If yes, try to restart splunk service on the client

3) Is there any firewall between client & Deployment Server?

you can check this from DC doing telnet forwarderip:9997

4) if it checks out, please look for errors in the splunkd logs on the client .

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...