Data Management

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Documentation

Data Management

Data Management Contents

Get Started

Get Data In

Transform and Route Data

Monitor and Troubleshoot

Monitor Data in Splunk Cloud Platform

Use Clould Monitoring Console

Data Sources

Integrate Data with Add-Ons

Forward Data

Ingest Data from Cloud Sources

Collect HTTP Event Data

Connect Relational Databases

Collect Stream Data

Data Transformation

Process Data at the Edge

Process Data at Ingest Time

Perform Basic Data Processing

Common Information Model

Data Destinations

Archive Data in Splunk Cloud Platform

Manage Splunk Enterprise Indexers

Splunk Cloud Platform Admin Manual

Splunk Enterprise Admin Manual

Splunk Validated Architectures

Monitor forwarder deployments

The CMC Forwarders: Deployment dashboard provides comprehensive information to Splunk Cloud Platform administrators about the status and health of the forwarders in your deployment. You can also set alerts that trigger if a forwarder is missing from the deployment.

Review the Forwarders: Deployment dashboard

This dashboard shows both current status and historical information for your forwarder deployments, with various filters so you can further refine the results. Use the top panel to enable or disable missing forwarder alerts.

This dashboard contains one panel with a variable in the title: Forwarders by <variable>.

To investigate your panels, go to Cloud Monitoring Console > Forwarders > Forwarders: Deployment. Use the following table to understand the dashboard interface.


Panel or Filter	Description
Missing Forwarder Alerts	Select enable to open this panel. Specify a Filter by Last: option to view all missing forwarder alerts reported in that time range. Select the Scheduled Search: SIM Alert - Missing Forwarders link to access the Searches, reports, and alerts page. You can do the following for this alert: Confirm that the alert is successfully running every 15 minutes. Run the alert query on an ad hoc basis. View recently run jobs. You can also manage this alert with the CMC Alerts panel. For general information about managing alerts, see the Splunk Cloud Platform Alerting Manual.
Forwarders by <variable>	The <variable> in the panel title and the data in the pie chart graph dynamically change, based on the selected Split by option. The panel title is one of the following: Forwarders by Status Forwarders by Forwarder Type Forwarders by Splunk Version Forwarders by OS Forwarders by Architecture Total: <number> forwarders indicates the total number of forwarders in the deployment.
Status and Configuration - As of <current_timestamp>	Set criteria to filter the returned results: The Instance filter accepts an asterisk (*) wildcard. Specify a Status of All, Active, or Missing. Select the Show instances forwarding internal logs checkbox to further refine the results. Total: <number> on the left side of the table indicates the number of returned instances that meet the filter criteria. The table lists the following information: Instance Type Version OS Architecture Status Last Connected to Indexers Total KB Average KB/s Over Time Average KB/s Average Events/s
Historical Data	This area includes the Total Count of Forwarders and Forwarder Connection Count panels. The specified Time Range option set here affects both panels. Specify an Overlay option to view a bar graph of the average KB per second or average events per second over time.

Interpret forwarder deployment results

Use this dashboard to identify misconfigurations or unhealthy behavior of the forwarders, such as outliers in the forwarder deployment. Misconfigurations means forwarders are sending too much or too little data. You also want to investigate any sudden spike of missing forwarders, as this could indicate a systemic failure.

Last updated: May 28, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

About This Site

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.