About sbutkowskiR1

sbutkowskiR1 · ‎04-27-2023

I am so sorry no one has replied to this post. I have the EXACT same issue. Did you end up finding a solution to this? I would be interested in pursuing that. Thank you. -Steve

sbutkowskiR1 · ‎04-18-2023

Thank you so much. Funny story. We had a call scheduled with our Splunk migration architect not long after I posted this and this was EXACTLY the fix we implemented. The only additional step was that I logged into the Heavy Forwarder's GUI and was able to delete the record for the host from Settings> Forwarder Management, then proceeded to rebuild the Forwarder List. Worked like a charm! 🙂

sbutkowskiR1 · ‎04-18-2023

Greetings all. I'm relatively new to Splunk and did not see an answer for this particular issue in the KB. Any help is appreciated. I have alerts turned on for missing forwarders and am being notified every 15 minutes that one is missing. After a small amount of investigation, I found that this Windows host has been permanently powered down. I would like to remove this host, not only from alerting, but from Splunk Cloud all together. I DO need to keep its historical data as we are in the Financial Tech industry and our retention policies are auditable. Does anyone know how to remove said host, but keep a record that it was there before removing it? Thank you very much. If there is any more information necessary, I would be happy to provide it.

Posts	3
Solutions	0
Karma Given	1
Karma Received	1
Member Since	‎04-18-2023

Online Status	Offline
Date Last Visited	‎04-27-2023 09:14 AM

How to remove a host from Splunk Cloud, but not it...

Re: Why is "Application Name" field is available i...

Re: How to remove a host from Splunk Cloud, but no...

How to remove a host from Splunk Cloud, but not it...