Deployment Architecture

Distributed Search across multiple "separate" environments

MasterOogway
Communicator

I have two separate Splunk environments: 1) syslog data for platform group 2) network data for LAN & WAN

I don't want Env #1 doing a distributed search to #2 unless we are troubleshooting a specific outage. How can I easily turn on/off distributed searches between separate Splunk environments? Would it be as simple as adding the Indexing server #2 when troubleshooting and removing it when done? Or is there a better method to have this capability? And if we have a third environment or fourth environment... could it easily expand to search them all during troubleshooting times only?

Might be a "feature" for upcoming Splunk versions to offer options to turn "on/off" cross-environment searching.

Master Oogway


karabsze
Path Finder

LCM
Contributor

If nothing is defined (standard), all distributed peers will be searched. However, you'd be able to do that with users & roles. Use different users, e.g. standard-user for "normal" use (in this case you have to limit the user/role privileges for the "normal" user) and something like a "debug-user" to troubleshoot (no limitation).

Have a look at these docs
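
A sketch of the role split described in the answer above, added here as an example and not taken from the thread or from Splunk's documentation: an `authorize.conf` for the Env #1 search head. It assumes Env #2's indexers are already configured as search peers; the role names and index names are hypothetical.

```ini
# authorize.conf on the Env #1 search head (constructed example).
# Assumptions: Env #1 data lives in an index named "syslog_platform",
# Env #2 data in "network_lan" and "network_wan" (hypothetical names).

# Day-to-day role: only the Env #1 index is searchable, so events held
# in Env #2's indexes are never returned to these users.
# Do not add "importRoles = user" here: the built-in user role allows
# all non-internal indexes, and inherited index access is cumulative,
# which would undo the restriction.
[role_platform_user]
search = enabled
srchIndexesAllowed = syslog_platform
srchIndexesDefault = syslog_platform

# Troubleshooting role: may also read the Env #2 indexes. The default
# search scope stays on Env #1, so a cross-environment search only
# happens when the analyst names a network index explicitly.
# A third or fourth environment is added by appending its index names
# to srchIndexesAllowed (semicolon-separated).
[role_platform_debug]
search = enabled
srchIndexesAllowed = syslog_platform;network_lan;network_wan
srchIndexesDefault = syslog_platform
```

Turning cross-environment searching "on" for an outage is then a matter of assigning the debug role to the analyst and removing it afterwards. This controls which data each role can read; the search peers themselves stay configured on the search head.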
