All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk_TA_Windows deployment on a Search Head

dersa
Path Finder
‎07-26-2023 07:20 AM

Hi, we have a distributed Splunk environment and I have successfully deployed the UF to Windows Server. I am getting data into my Indexer. 

My question is regarding the Search Head cluster. I believe I need to deploy the TA also to the Search Heads to get properties from the props.conf and other files.

Do I need to deploy the complete TA to my Search heads or just specific files?

Thanks in advance

Alex 

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-26-2023 07:47 AM

Deploy the complete TA with inputs disabled to your SH.

---
If this reply helps you, Karma would be appreciated.
Reply

nniranjanreddy
Engager
‎07-26-2023 07:40 AM

Hi, 

You can install Splunk_TA_Windows on search head by removing the inputs.conf file for managing KOs & other Search time functionalities.

Refer the below documentation:
https://docs.splunk.com/Documentation/AddOns/released/Windows/Install#Distributed_deployment_feature...

You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection.
Before you install this add-on to a cluster, make the following changes to the add-on package: Remove the inputs.conf file.

Reply

dersa
Path Finder
‎07-26-2023 07:42 AM

Thanks for the quick reply. I'll give it a try right now.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-26-2023 08:29 AM

Hi @dersa ,

I'm agree with @richgalloway : I don't like to customize add-ons, I always prefer to use standard add-ons, eventually disabling inputs, to avoid, for the updates, to remember the customizations you did and make them every time.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...

Unlock Instant Security Insights from Amazon S3 with Splunk Cloud — Try Federated ...

Availability: Must be on Splunk Cloud Platform version 10.1.2507.x to view the free trial banner. If you are ...