
Splunk App for Unix not showing hosts from peered indexers...

samlll42
Explorer

Hi Everyone

Problem: On Splunk App for Unix (latest versions of all the components) on a search head I cannot see hosts from indexers peered to the search head. The data is there if I do a search on index=os (I can see perf data for all the hosts: CPU, PS, etc.), but in the dashboard I can only see the hosts indexed locally (local host and a forwarder). What am I doing wrong?

Example:

= splunk-search (local indexer and search-head) peered with splunk-indexer

=== splunk-forwarder X (forwarding to splunk-search)

=== splunk-forwarder Y (forwarding to splunk-search)

= splunk-indexer (local indexer)

=== splunk-forwarder A (forwarding to splunk-indexer)

=== splunk-forwarder B (forwarding to splunk-indexer)

=== splunk-forwarder C (forwarding to splunk-indexer)

If I go to Splunk App for Unix dashboard on splunk-indexer I can see hosts for:

  • splunk-indexer (local) + splunk-forwarder A, B, C (which is expected)

If I go to Splunk App for Unix dashboard on splunk-search I can only see hosts for:

  • splunk-search (local) + splunk-forwarder X, Y - NOT splunk-indexer, nor splunk-forwarder A, B and C

But when I do a search on splunk-search index=os I can see data being found for all hosts.

Do I need to set up Splunk App for Unix in a specific way to display data for remote/peered indexes?

Strunk
Explorer

See this question:

http://answers.splunk.com/answers/132477/adding-hosts-to-splunk-app-for-unix

What worked for me was following those instructions to ensure each host was added to a group, which was then added to a category. I'm guessing that because I deployed the app to the universal forwarders/deployment clients after installing the app on the deployment server/index, the categories and groups weren't populated automatically.

Strunk
Explorer

I'm having the same problem, with getting data back from universal forwarders. The data is making it to the indexer/deployment server, but it's not showing up in the dashboard.
