Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why are there duplicate entries of my PC in Forwarder management, and how can I remove them?

tmontney
Builder
‎01-09-2017 02:44 PM

My PC is duplicated a few times in forwarder management. How can I remove duplicate entries, so I don't get missing forwarder alerts?

Reply

tzamer
New Member
‎02-06-2018 09:57 AM

I think it is because the multiple installs were not completely uninstalled according to https://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/Uninstalltheuniversalforwarder

Following the doc above and rebooting the machine should do the trick.

0 Karma
Reply

hunters_splunk
Splunk Employee
Splunk Employee
‎01-10-2017 08:59 AM

Hi tmontney,

Are you running more than one forwarder on a machine so that the same hostnames show up as duplicate deployment clients?

If this is the case, you can set different servername and default-hostnames for your forwarders on the same machine to differentiate your forwarder clients. 

splunk  set servername <new_servername>
splunk  set default-hostname <new_hostname>

For example, if you have two universal forwarders sending data from the same host named my_host, you can set both the servername and default hostname of the first forwarder to my_host_uf01, and those of the second forwarder to my_host_02.

Hope this helps. Thanks!
Hunter

0 Karma
Reply

tmontney
Builder
‎01-10-2017 09:55 AM

Nope. I only have one UF for each client. Originally, I had installed it a few times before during testing. It seems like it's treating each install unique (based on its GUID).

Reply

learnsplungeek
Loves-to-Learn Everything
‎10-21-2024 12:16 AM

Hi , I am facing the same issue and found this thread. Was the issue resolved ? Can you let me know the fix please if this is working for you now.
Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...