All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add data into splunk cluster .

email2vamsi
Explorer
‎03-30-2016 12:10 AM

I have integrated Search Head cluster with Indexer Cluster. I am able to get search peers data,search members data,forwarders data in the search head by querying index="_internal".
I have a deployment server configured on a different machine. From here i can push apps to clients.
I have the following requirement now :-
On which server (Search peer/Search head/deployment server) should i configure the process of monitoring files on forwarders(ADD Data)?
On the Search peers-> Data inputs-> Forwarded inputs -> Files & Directories ...it is displaying the following message.
"Use this page only in a single-instance Splunk environment."

Tags (1)
0 Karma
Reply

jdunlea
Contributor
‎03-30-2016 08:47 AM

"Data inputs -> forwarded Inputs - > files and directories" is used when you wish to monitor a LOCAL file/directory on that server and then forward the data from that monitoring to another server (such as an indexer)

In a distributed environment, this feature of the UI is going to provide you little to no value.

On your question as to where to configure the process of monitoring files on forwarders, you should configure "apps" in the deployment server and then deploy these apps to all of your forwarders machines. (Assuming that you have configured your forwarders as clients of the deployment server and to periodically check in with the deployment server to check for new "apps" to download).

There is plenty of documentation on Splunk's website for this.

Here are some helpful links:
About Deployment Server

Deployment Server Architecture

Reply

email2vamsi
Explorer
‎03-30-2016 10:49 AM

Thank you.
As mention by you,if the ADD DATA step is performed on dedicated deployment server. How will the search head get the data from deployment server to search? How the search peers will contact deployment server and index the data?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...