Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Deployment Server issue after upgrading 9.1 to 9.4.5

verbal_666
Builder
a week ago

Hello.

I'm having new issues after upgrading a DS from V.9.1 to V.9.4.5.
Every phone-home from the UFs (i have about 2000 UFs), gives a 0 [ZERO] in UI.
I can see UFs connected to 8089 of my DS Listener, many errors on Splunk logs,

AdminHandler:AuthenticationHandler [289178 TcpChannelThread] - Denied session token for user: splunk-system-user

On UFs i have the classic "deploymentclient.conf", with a simple,

[target-broker:deploymentServer]
targetUri = myDS:8089

With previous versions i never had issues.

Has something changed in 9.4 for UFs to DS connect?

Thanks.

verbal_666_0-1762334421144.png

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PrewinThomas
Motivator
a week ago

@verbal_666 

If it's after upgrading to 9.2+, add below configuration under outputs.conf in the deployment server, then restart splunk.

[indexAndForward]
index = true
selectiveIndexing = true

#https://community.splunk.com/t5/Deployment-Architecture/The-Client-forwarder-management-not-showing-...
#https://help.splunk.com/en/splunk-enterprise/administer/update-your-deployment/9.2/configure-the-dep...

Regards,
Prewin
🌟If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

View solution in original post

Reply
Solved! Jump to solution
Solution

PrewinThomas
Motivator
a week ago

@verbal_666 

If it's after upgrading to 9.2+, add below configuration under outputs.conf in the deployment server, then restart splunk.

[indexAndForward]
index = true
selectiveIndexing = true

#https://community.splunk.com/t5/Deployment-Architecture/The-Client-forwarder-management-not-showing-...
#https://help.splunk.com/en/splunk-enterprise/administer/update-your-deployment/9.2/configure-the-dep...

Regards,
Prewin
🌟If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

Reply
Solved! Jump to solution

verbal_666
Builder
a week ago

Ahhhhhhhhhhhhhhhhhhh!!! 😚

So the DS must index locally and then send data to Indexers... 👍👍👍

Thanks 👏👏

0 Karma
Reply
Solved! Jump to solution

livehybrid
SplunkTrust
SplunkTrust
a week ago

If for any reason you arent able to index locally using selectiveIndexing (e.g. small local disk) but can forward to your indexers then I have found that setting the Deployment Server up to be able to search against the search peers also fixes the UI and allows management of the agents without local indexing.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...