Re: Possible to get the Unix App working on a 5.x ...

gryz · ‎11-20-2012

I'm looking to get the Unix App working on a Splunk 5.x cluster environment.

Anybody do this yet? Suggestions on how to do it...

Thanks!

bmacias84 · ‎11-20-2012

@gryz,

I familar witht he process but, the best I can do for you is point you to the documentation for each component. The setup will vary depending on your Operational requirement and budget. Be aware that 5.x Clustering duplicates the all indices on your Indexer.

Additional Reading:

Enableclustersindetail

Configurethemaster

Aboutdeploymentserver

Whatisdistributedsearch

Configuredistributedsearch

Hope this helps or gets you started. Dont forget to thumbs up or accept answers that help. Cheers,

gryz · ‎11-20-2012

Yes, I think what you have described is what I want.

bmacias84 · ‎11-20-2012

So what you want is Distributed Search to search knowledge objects on your search head and Clustering for your indexers. Additionally you will want to use the Deployment server or Puppet to deploy your apps like the Nix app.

gryz · ‎11-20-2012

Both I suppose.

The indexers will need the os index on them and the Search head will need the app. I'm using the TA for *nix on the forwarders.

bmacias84 · ‎11-20-2012

Are talking about your search nix app or are you talking about your indexers?

Possible to get the Unix App working on a 5.x Cluster?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!