Splunk Search

hosts not visible

rajballa
New Member

Hi,

I configured Splunk universal forwarders on Windows & Linux hosts through the Splunk deployment server. They are visible when I check under Settings --> Forward Mgmt, but when I click Search & Reporting --> Data Summary, the hosts are not visible.

I would appreciate it if anyone can help with how to add or configure hosts so that they are visible under Data Summary.

Thanks in advance

0 Karma

mayurr98
Super Champion

Hey @rajballa

You will be able to see hosts under Data Summary only when you are monitoring any files. From the description you have given, I think you have only configured forwarders. You need to add monitor inputs as well.
Well, if you want to see if your forwarder is configured properly, then you can run this command. If you are getting data after running this command, it means you have configured your forwarder correctly.

index=_internal host=<your_host>

Let me know if this helps!

0 Karma

rajballa
New Member

Hi mayurr98,

Thanks. Using the above command, it displays the data if I set the time as "Last 30 days". But as said, when I click on the Data Summary button, the hosts are not visible.

Can you help with the steps on how to add monitor inputs?

Thanks in advance

0 Karma

rajballa
New Member

Thank you mayurr98.
I have the same document too. Since I am new to Splunk, when trying to use the steps specified in the said doc, I am not able to understand what to select when I click the Browse button under Files and Directories.

I am not able to select the host.

0 Karma

mayurr98
Super Champion

You are confusing yourself. If your host is at a remote location, i.e. on the forwarder, then you have to do it using the CLI. You need to have a file to index something. Refer to the second doc that I gave.

You need to execute ./splunk add monitor <path of file> on the forwarder.
And you do not need to select the host. Splunk will take it automatically. Using Splunk Web you can monitor files of the local machine only, and there as well you do not need to select any host.
If you want to load any sample data, then look at the doc below:
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/PivotTutorial/GetthetutorialdataintoSplunk

0 Karma

mayurr98
Super Champion

Follow this doc if you want to index local files from the indexer:
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorfilesanddirectorieswithSplunkWeb

If you have a forwarder which is at a remote location, then follow this doc:
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorfilesanddirectoriesusingtheCLI#E...

0 Karma

p_gurav
Champion

Hi,

Is it a single-server deployment or a distributed environment?

0 Karma

rajballa
New Member

It is a single-server deployment.

0 Karma