Splunk Enterprise

Misunderstand of deployment Splunk

hosamalemad
New Member

Hi all
I have installed the splunk light on Host have IP 10.1.1.2 and I have installed the universal forwarder on user have IP 10.1.1.10 ,
when I installed the UF it's asked me the host of deployment server and receiving , I put the deployment server is the same IP of Host 10.56.1.2 and the receiving is also the same , is that correct . if not what will be the deployment server is ? and what the content of it ?
then , i opened the main interface of splunk to add data , but it's told me that there are currently no forwarder configured as deployment client , see the attached image
what can i do ?
.alt text

Tags (1)
0 Karma

p_gurav
Champion

What command you use to configure deployment server and receiver ?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you didn't set up a deployment server then you should leave that part of the forwarder configuration empty and fill in the receiving field, instead.
Once you've done that, you must enable receiving in the Splunk server on 10.1.1.2. Go to Settings->Forwarding and Receiving and click "Add new" on the Receiving line. Fill in the form and click Save to receive data from your forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma

hosamalemad
New Member

thanks for reply
I have changed the configuration of UF and let the deployment host is empty also I have added the receiving on the splunk light host with port 9997 , but the issue is still found when I try to add the data as the below image ![alt text][1]

0 Karma

richgalloway
SplunkTrust
SplunkTrust

That screen shot is from the Forwarder Management page, which is only useful on a Deployment Server (DS). You don't have a DS, so that page is not useful to you.
To find your data, go to the Search & Reporting app and search for "host=".

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...