Solved: Re: How do you make sure that a specific index of ...

superhm · ‎03-29-2019

Hello.

In the distributed search function, I want to make sure that specific index of the indexers can be searched from the search head.

How can I do this?

ex)
- Search Head
- Indexer-1 : All indexes
- Indexer-2 : _audit (Just one index)

Thank you.

harsmarvania57 · ‎03-29-2019

Hi,

As far as I know you can't achieve this. When you create role on search head and assign specific indexes access & when you run search on search head in distributed environment, the search distribute to all the indexers so you can't restrict to only search _audit index from indexer2 and all indexes from indexer1.

View solution in original post

harsmarvania57 · ‎03-29-2019

Hi,

As far as I know you can't achieve this. When you create role on search head and assign specific indexes access & when you run search on search head in distributed environment, the search distribute to all the indexers so you can't restrict to only search _audit index from indexer2 and all indexes from indexer1.

superhm · ‎03-31-2019

Thank you for your advice...

How do you make sure that a specific index of the indexers can be searched from the search head?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor