Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

Which Add Data button should I use to import data into a clustered index?

mpulis8966
Explorer
‎11-29-2016 09:26 AM

In our Splunk Enterprise Environment, we have 3 search heads, 7 indexers, and a cluster master.

If we wanted to use the "Add Data" button to import a log file into a clustered index, where should I use the "Add Data" button?

Cluster Master?

Search head?

One of the indexers and it will distribute it to the other indexes?

0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution

Re: Which Add Data button should I use to import data into a clustered index?

mpulis8966
Explorer
‎11-29-2016 09:28 AM

Splunk v6.3.2

0 Karma
Reply
Highlighted
Solved! Jump to solution
Solution

Re: Which Add Data button should I use to import data into a clustered index?

mpulis8966
Explorer
‎11-30-2016 09:15 AM

Looks like the Answer is Any Clustered Indexer UI will import the data into the indexes using the Add Data Button

If you want to import multiple files you can upload the files to one of the indexers , log into that indexers UI and use the monitor folder option for add data

if you want to use your id rather than admin be sure you have the "edit_indexes" role under “capabilities” section.

View solution in original post

0 Karma
Reply