All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cannot select custom app for new index

mwcentracomm
Explorer
‎01-31-2022 05:21 AM

I added a new index to my enterprise server, but on the indexer I cannot add it because it will not allow me to select the custom app.

Labels (1)
Labels
0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎01-31-2022 05:26 AM

Can you give more details about this issue you're facing?
How is your splunk infra design? is it standalone or distributed? 
If its distributed how are you deploying the configurations? Using deployment server?
What are you trying to accomplish?

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

mwcentracomm
Explorer
‎01-31-2022 05:41 AM

I am new to this environment, so distributed I believe.  There is a heavy forwarder, two search heads, an indexer, a server listed as console (which is the server we logon for searches) and another server of which I do not know what it does (simply named DDMD).

I have added new indexes and inputs on the main server, but they are showing no events.

I have read I also need to add the indexes to the indexer, when trying to do this, I cannot select the same custom app for indexes that all the others on that server are using.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-31-2022 05:54 AM

Hi

here https://docs.splunk.com/Documentation/Splunk/8.2.4/InheritedDeployment/Introduction is excellent guide to get familiar with your environment. Based on it, you should get clear understand what you have.

If/when you have a distributed environment there are (as you told) several servers with different roles like search head, indexer(s),  manager node (if there is indexer cluster), heavy forwarders, UF and maybe DS (deployment server), LM (license manager, could be some other server as additional role) and MC (monitoring console). If you have monitor console on place you can use it as getting topology of your environment.

When there are separate search head (where you normally log with GUI) and indexer(s) and/or MN then you must add index definitions to indexer peers or if you have indexer cluster then into manager node and then deploy those to peers.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...