Solved: Replicated Indexes Not Appearing In Cluster Dashbo...

dcparker · ‎02-12-2013

Hey,

I have set up a clustered Splunk deployment in a lab environment to test. By default, I see _internal and _audit as my replicated indexes. The main index is not there for some reason. I have also added two new indexes in the indexes.conf in master-apps. I verified that this is being pushed to the slave-apps directory on the peers. I also verified that repFactor was set to auto. Any reason why this wouldn't be working or something I missed?

On the search head, when I search _internal, I get results from all 4 peers, so I know that is working.

Thanks for any help you can provide.

mahamed_splunk · ‎02-20-2013

Can you make sure that the main index has some data? If the index is empty, then there is nothing to replicate and it won't show up in the dashboard as well.

View solution in original post

mahamed_splunk · ‎02-20-2013

Can you make sure that the main index has some data? If the index is empty, then there is nothing to replicate and it won't show up in the dashboard as well.

dcparker · ‎02-21-2013

This was correct. I had a forwarding issue and it was not sending data to the proper index, so it did not appear in the clustering dashboard.

Replicated Indexes Not Appearing In Cluster Dashboard

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases