Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Adding Servers monitored by Splunk

dina_vaghjiani
New Member
‎10-17-2012 08:10 AM

We are going through the process of adding more servers to our fleet and monitor them with splunk.
1. Does anyone know an easy way of grabbing a list of all the servers which currently report into splunk?
2. And does anyone know how I can configure a server to report to a newly added splunk server?

Many Thanks

[edited title]

Tags (3)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎11-02-2012 11:24 AM

It depends of what you want to do :

  • to get the list of the monitored hosts, do a search on the host
  • get the list of your existing forwarders, enable the "Deployment Monitor" app and look at the reports of the forwarders
  • to add new indexers, and load balance your data between all your indexers :

Here is the classic procedure to add a new indexer to the cluster.

On the new indexer,

  • define all the indexes,
  • setup all the props/transforms required for the indexing of your sourcetypes.
  • open the listening ports (splunktcp 9997 by example)
  • List item

On the search-head,

  • add the new indexer as a search-peer (manager > distributed search)

On each forwarders :

0 Karma
Reply

dina_vaghjiani
New Member
‎11-02-2012 08:52 AM

Hi I mean "sending logs". We have a number of servers whose log files we can analyse via splunk, I want to know the full list of which servers and how to add a server.

0 Karma
Reply

bmacias84
Champion
‎10-17-2012 10:03 AM

@dina_vaghjiani, Are you looking for getting your new splunk server or forwarders to "report into" a Deployment server or licensing server.

0 Karma
Reply

Ayn
Legend
‎10-17-2012 08:12 AM

Define "report into" - do you mean that they're sending logs, or that they're deployment clients, or a bit of both?

Reply
Get Updates on the Splunk Community!

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Splunk Lantern is a Splunk customer success center that provides practical guidance from Splunk experts on key ...

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...