Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Precedence of log retention configuration

ateesh
Observer
‎04-09-2021 11:54 PM

Hi Team,

Our Splunk License is going to get expired and we are working to get a new license .Our current environment is a clustered one with 12 indexers ,1 SH ,1 CM and 1 DS . However we have decided to stop the ingestion of data and would like to keep Splunk intact only for searching of the already indexed data . As a result we are planning to move to Free-license for time being . We do understand in free license clustered model wont work and each splunk instance become standalone but we are okay to perform the search on individual indexer if required . However our concern is the log retention configuration is currently placed in the following directory in all of the indexers that is /files0/splunk/etc/Master-app /_cluster/local/indexer.conf , will this still have higher precedence over /files0/splunk/etc/system/default/indexer.conf or do we need to make changes ?

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...