Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to check the forwarders/host which is not sending data?

sekhar463
Path Finder
‎06-22-2022 09:42 AM

Hai ,

Is there any way to check Splunk forwarder even HF/UF stops sending data to Splunk cloud?

 

Labels (3)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-23-2022 05:54 AM

If you want to know more detailed level and get alarms etc, there are several apps on splunk base. Here is link to TrackMe https://preview.splunkbase.splunk.com/app/4621

r. Ismo

0 Karma
Reply

Roy_9
Motivator
‎06-22-2022 05:20 PM

@sekhar463  I guess you could use the below search:

| tstats latest(_time) as latest where index=* earliest=-24h by host
| eval recent = if(latest > relative_time(now(),"-5m"),1,0), realLatest = strftime(latest,"%c")
| where recent=0

 

You could also configure the Track me app available in splunkbase which has got good capabilities.

 

 

Thanks

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-22-2022 09:54 AM

Have you tried the Forwarder Monitoring feature of the Monitoring Console?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sekhar463
Path Finder
‎06-23-2022 01:06 AM

any process on Forwarder Monitoring feature of the Monitoring Console?

we need to enable it or it will by default

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2022 05:47 AM

Forwarder monitoring must be enabled.  From he MC select Settings->Forwarder Monitoring Setup.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...