Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

issue on splunk deployment server forwarder manager

julianaa85
New Member
‎07-26-2025 05:06 AM

hi , in my company we are using splunk enterprise in cluster struct , i recently update my servers not splunk after that and after restarting splunk deployment server all forwarder are trying to do phone call and when trying to listen on deployment servers it reciving the calls but when i check clients on forwarder manager section it is empty , what can i do ?

Labels (1)
Labels
0 Karma
Reply

danspav
SplunkTrust
SplunkTrust
‎10-15-2025 03:37 PM

Hi @julianaa85,

I had a similar issue after upgrading Splunk, where the deployment server UI was blank, but clients were successfully phoning home.

The Deployment Server UI had an update in recent Splunk versions - it now indexes data locally and searches the local data to populate the UI.

The outputs.conf in the deployment server app has this note:

[tcpout]
forwardedindex.2.whitelist = (_audit|_internal|_introspection|_telemetry|_metrics|_metrics_rollup|_configtracker|_dsclient|_dsphonehome|_dsappevent)

# If you have configurations to forward the internal logs to other instances,
# please include the following settings to make sure the deployment server logs
# are indexed locally.
#
# [indexAndForward]
# index = true
# selectiveIndexing = true

 

Check that you have a file in :
$SPLUNK_HOME/etc/apps/SplunkDeploymentServerConfig/local/outputs.conf
that has that indexAndForward stanza uncommented.

If not, copy the file from default to local (don't update config in the default directory)  and uncomment the stanza then restart Splunk. 

Hopefully that fixes the blank Deployment Server UI for you.

 

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...