Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Adding Servers monitored by Splunk

dina_vaghjiani
New Member
‎10-17-2012 08:10 AM

We are going through the process of adding more servers to our fleet and monitor them with splunk.
1. Does anyone know an easy way of grabbing a list of all the servers which currently report into splunk?
2. And does anyone know how I can configure a server to report to a newly added splunk server?

Many Thanks

[edited title]

Tags (3)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎11-02-2012 11:24 AM

It depends of what you want to do :

  • to get the list of the monitored hosts, do a search on the host
  • get the list of your existing forwarders, enable the "Deployment Monitor" app and look at the reports of the forwarders
  • to add new indexers, and load balance your data between all your indexers :

Here is the classic procedure to add a new indexer to the cluster.

On the new indexer,

  • define all the indexes,
  • setup all the props/transforms required for the indexing of your sourcetypes.
  • open the listening ports (splunktcp 9997 by example)
  • List item

On the search-head,

  • add the new indexer as a search-peer (manager > distributed search)

On each forwarders :

0 Karma
Reply

dina_vaghjiani
New Member
‎11-02-2012 08:52 AM

Hi I mean "sending logs". We have a number of servers whose log files we can analyse via splunk, I want to know the full list of which servers and how to add a server.

0 Karma
Reply

bmacias84
Champion
‎10-17-2012 10:03 AM

@dina_vaghjiani, Are you looking for getting your new splunk server or forwarders to "report into" a Deployment server or licensing server.

0 Karma
Reply

Ayn
Legend
‎10-17-2012 08:12 AM

Define "report into" - do you mean that they're sending logs, or that they're deployment clients, or a bit of both?

Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...