- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: splunk restart on all my forwarders
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some of my logs stops getting indexed until i do a splunk restart on those forwarders.
So can u tell me a way i can do a splunk restart on all the forwarders.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are using a Deployment Server and it has deployed any app to every forwarder, you can edit the app to enable restartSplunkd and then modify the app on the DS in some trivial way and do $SPLUNK_HOME/bin/splunk reload deploy-server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are using a Deployment Server and it has deployed any app to every forwarder, you can edit the app to enable restartSplunkd and then modify the app on the DS in some trivial way and do $SPLUNK_HOME/bin/splunk reload deploy-server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[serverClass:bizx_server-node]
webserver subnet
whitelist.0 = 10.10.20.
application-server subnet
whitelist.1 = 10.10.30.
db-server subnet
whitelist.2 = 10.10.40.
customer facing subnet
whitelist.3 = 10.10.36.
restartSplunkd = true
[serverClass:bizx_server-node:app:sfapp_all_bizx]
I have added restartsplunkd=true in my serverclass.conf for one of the serverclasses.
So It means that when i do a reload deploy-server -class bizx_server-node on my deployment server then all these ip ranges whitelisted above should get restarted . correct ??
But its not happening. I tried . And waited for around 10 hours but still didn't work .
Whereas when i manually logged into that forwarder and did a splunk restart the particular log file came up within a fraction of second.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Thanks but is there any limitation on the number of forwarders ? will it by any chance affect performance.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this hypothetical or do you have an actual system in need of Splunk restarts on forwarders? There is a practical limit on the number of forwarders that should be controlled by a single DS. If you connect to many, you will overwhelm your DS. A very general maximum is 500 clients per DS. You can read more details here:
http://wiki.splunk.com/Deploy:DeploymentServer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[serverClass:bizx_server-node]
webserver subnet
whitelist.0 = 10.10.20.*
application-server subnet
whitelist.1 = 10.10.30.*
db-server subnet
whitelist.2 = 10.10.40.*
customer facing subnet
whitelist.3 = 10.10.36.*
restartSplunkd = true
[serverClass:bizx_server-node:app:sfapp_all_bizx]
I have added restartsplunkd=true in my serverclass.conf for one of the serverclasses.
So It means that when i do a reload deploy-server -class bizx_server-node on my deployment server then all these ip ranges whitelisted above should get restarted . correct ??
But its not happening. I tried . And waited for around 10 hours but still didn't work .
Whereas when i manually logged into that forwarder and did a splunk restart the particular log file came up within a fraction of second.
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
Updated Data Management and AWS GDI Inventory in Splunk Observability
