Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Data Archival-Clustered environment

garima_chauhan
Path Finder
‎01-27-2014 03:21 AM

Hi,
I have set up a clustered environment for testing purpose. The cluster comprises of 2 peers, a search head, a master node and a universal forwarder. All components are Splunk v5.0.5. I have set both the search factor and replication factor 2. I want to archive the data on each of the peers. When I push the common indexes.conf from the master node, I get indexing errors and the configuration does not work. If, I need to archive the data from both the peers, do I need to have a separate indexes.conf for each peer?

Thanks in anticipation.
Please respond.

Tags (2)
0 Karma
Reply

Steve_G_
Splunk Employee
Splunk Employee
‎01-28-2014 04:32 PM

All indexes need to be identical across all peers, if you want the data in the indexes to be replicated. See: http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Configurethepeerindexes

Did you set repFactor=auto for any new indexes? If not, that might be the source of your configuration problems. This is explained in the topic referenced above.

0 Karma
Reply

garima_chauhan
Path Finder
‎01-31-2014 12:17 AM

Thanks Steve G. It turns out that the indexing errors that I was recieving were due to wrong configuration of archival policy.

0 Karma
Reply

austincisneros
New Member
‎02-04-2019 10:50 AM

https://www.conducivesi.com/splunk-archiver-video/

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...