Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Precedence of log retention configuration

ateesh
Observer
‎04-09-2021 11:54 PM

Hi Team,

Our Splunk License is going to get expired and we are working to get a new license .Our current environment is a clustered one with 12 indexers ,1 SH ,1 CM and 1 DS . However we have decided to stop the ingestion of data and would like to keep Splunk intact only for searching of the already indexed data . As a result we are planning to move to Free-license for time being . We do understand in free license clustered model wont work and each splunk instance become standalone but we are okay to perform the search on individual indexer if required . However our concern is the log retention configuration is currently placed in the following directory in all of the indexers that is /files0/splunk/etc/Master-app /_cluster/local/indexer.conf , will this still have higher precedence over /files0/splunk/etc/system/default/indexer.conf or do we need to make changes ?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...