Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

hosts not visible

rajballa
New Member
‎01-22-2018 06:48 PM

Hi,

Configured splunk universal forwarders on windows & linux hosts through splunk deployment server, which are visible, when check under settings--> Forward Mgmt but when trying to check the hosts under Search & Reporting-->Data Summary when clicked, the hosts are not visible.

Appreciate if any one can help with how to add or configure hosts to be visible under Data summary.

Thanks in advance

Tags (1)
0 Karma
Reply

mayurr98
Super Champion
‎01-23-2018 05:08 AM

hey @rajballa

You will be able to see hosts under data summary only when you are monitoring any files.From the description you have given, I think you have only configured forwarders.You need to add monitor inputs as well.
Well if you want to see if your forwarder is configured properly then you can run this command.If you getting data after running this command means you have configured your forwarder correctly

index=_internal host=<your_host>

let me know if this helps!

0 Karma
Reply

rajballa
New Member
‎01-23-2018 03:19 PM

Hi mayurr98,

thanks, using the above command it displays the data if I set the time as "Last 30 days". but as said when I click on Data Summary button, the hosts are not visible.

Can you help with the steps on how to add monitor inputs.

Thanks in advance

0 Karma
Reply

rajballa
New Member
‎01-23-2018 10:47 PM

Thank you mayurr98.
I have the same document too. Since I am new to this splunk, when trying to use the steps specified in the said doc, not able to understand - what to select - when click browse button under files and directories.

Not able to select the host.

0 Karma
Reply

mayurr98
Super Champion
‎01-23-2018 11:07 PM

you are confusing your self if your host is at the remote location i.e. on the forwarder then you have to do using CLI. you need to have a file to index something. refer the second doc that I gave.

you need to execute ./splunk add monitor <path of file> on the forwarder.
and you do not need to select the host . Splunk will take it automatically. using Splunk web you can monitor files of the local machine only.and there as well do not need to select any host.
If you want to load any sample data then look for below doc
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/PivotTutorial/GetthetutorialdataintoSplunk

0 Karma
Reply

mayurr98
Super Champion
‎01-23-2018 10:07 PM

follow this doc if you want to index local files from the indexer
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorfilesanddirectorieswithSplunkWeb

if you have forwarder which is at the remote location then follow this doc
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorfilesanddirectoriesusingtheCLI#E...

0 Karma
Reply

p_gurav
Champion
‎01-23-2018 04:53 AM

Hi,

Is it single server deployment OR distributed environment?

0 Karma
Reply

rajballa
New Member
‎01-23-2018 07:17 PM

It is a single server deployment

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...