Hello,

We are using Splunk DB Connect 2 in a search head clustering environment.
Whenever we have to set up a new database input, we set up the input on the DBX2 app on the deployer (separate Splunk instance from search heads) and then do cp -rf /apps/splunk/etc/apps/splunk_app_db_connect /apps/splunk/etc/shcluster/apps
and run splunk apply shcluster-bundle -target https://nameofonesoftheearchheadclustermember:port. It gets pushed out to all search head cluster members, but the input actually runs on the captain only.

Question is, should the input we originally set on the deployer be set to disabled or left in an enabled state?

If we leave it enabled - won't the input run from two places and create issues?
If we leave it disabled - next time when there is a need to set up a new input, before pushing the new input to search heads, we have to enable all previous inputs, else all the previous inputs go to disabled state on search heads.

On a side note: Does any one have issues deleing an existing input created on the DB Connect 2 app from the GUI? I tried, but it simply wont go away, and I have deleted it from the inputs.conf.

Thanks,
Simon Mandy