Solved: Are Deleted event replicated to other Cluster Peer...

sat94541 · ‎11-28-2014

This question is for a splunk 2 site cluster environment (Splunk 6.1.3). We have 2 searchable copies for every index – one in each site. A few of the events for an index are deleted in site-1 using a search and delete operation through a search head. As per the splunk documentation this delete will be synced to the other site. But that is not happening! The deleted events are still present in site-2 even after 3 days.

rbal_splunk · ‎11-28-2014

I just tested and double checked that delete on site 1 got replicated to site 2, for this to work only requirement is to have the splunk management port open between all peers under cluster master (i.e for all sites).

View solution in original post

rbal_splunk · ‎11-28-2014

I just tested and double checked that delete on site 1 got replicated to site 2, for this to work only requirement is to have the splunk management port open between all peers under cluster master (i.e for all sites).

Are Deleted event replicated to other Cluster Peers - with or without Multi -site?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases