Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Adding Servers monitored by Splunk

dina_vaghjiani
New Member
‎10-17-2012 08:10 AM

We are going through the process of adding more servers to our fleet and monitor them with splunk.
1. Does anyone know an easy way of grabbing a list of all the servers which currently report into splunk?
2. And does anyone know how I can configure a server to report to a newly added splunk server?

Many Thanks

[edited title]

Tags (3)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎11-02-2012 11:24 AM

It depends of what you want to do :

  • to get the list of the monitored hosts, do a search on the host
  • get the list of your existing forwarders, enable the "Deployment Monitor" app and look at the reports of the forwarders
  • to add new indexers, and load balance your data between all your indexers :

Here is the classic procedure to add a new indexer to the cluster.

On the new indexer,

  • define all the indexes,
  • setup all the props/transforms required for the indexing of your sourcetypes.
  • open the listening ports (splunktcp 9997 by example)
  • List item

On the search-head,

  • add the new indexer as a search-peer (manager > distributed search)

On each forwarders :

0 Karma
Reply

dina_vaghjiani
New Member
‎11-02-2012 08:52 AM

Hi I mean "sending logs". We have a number of servers whose log files we can analyse via splunk, I want to know the full list of which servers and how to add a server.

0 Karma
Reply

bmacias84
Champion
‎10-17-2012 10:03 AM

@dina_vaghjiani, Are you looking for getting your new splunk server or forwarders to "report into" a Deployment server or licensing server.

0 Karma
Reply

Ayn
Legend
‎10-17-2012 08:12 AM

Define "report into" - do you mean that they're sending logs, or that they're deployment clients, or a bit of both?

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...