Re: Data Archival-Clustered environment

garima_chauhan · ‎01-27-2014

Hi,
I have set up a clustered environment for testing purpose. The cluster comprises of 2 peers, a search head, a master node and a universal forwarder. All components are Splunk v5.0.5. I have set both the search factor and replication factor 2. I want to archive the data on each of the peers. When I push the common indexes.conf from the master node, I get indexing errors and the configuration does not work. If, I need to archive the data from both the peers, do I need to have a separate indexes.conf for each peer?

Thanks in anticipation.
Please respond.

Steve_G_ · ‎01-28-2014

All indexes need to be identical across all peers, if you want the data in the indexes to be replicated. See: http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configurethepeerindexes

Did you set repFactor=auto for any new indexes? If not, that might be the source of your configuration problems. This is explained in the topic referenced above.

garima_chauhan · ‎01-31-2014

Thanks Steve G. It turns out that the indexing errors that I was recieving were due to wrong configuration of archival policy.

austincisneros · ‎02-04-2019

https://www.conducivesi.com/splunk-archiver-video/

Data Archival-Clustered environment

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life