Deployment Architecture

Thread Info

Moving Indexers to a New Site with RF Adjustments

Hi everyone, I have 3 indexers (in a cluster) located on Site A. The current replication factor (RF) is set to 3.I ...

by Path Finder in

Step by Step to upgrade Splunk?

Hi, we have Dev and Prod linux servers which contains Splunk agents. The infraestructure on Prod (V 8.2.2.1) cont...

by Observer in

Does Splunk support both SSO and token authentication at the same time?

Hello to the community, I try to query Splunk from an external SDK for which I am asking from our admins for a to...

by New Member in

Doubt in indexer clustering

Hi I have a 2 site architecture Site 1 - 2 indexers, 2 ES SH Site 2 - 2 indexers, 1ES SH All of them are in c...

by Explorer in

System not hashing sslPassword server.conf

Hello All I am creating an app that will have all the SSL certs and pem files in it. As part of the app I have the...

by Contributor in

Mutlisite SHC

Hi I have a following architecture and i am trying to setup my Search head cluster .i have multiple questions , if i ...

by Explorer in

Recommended Deployment Server Size

Hello Guys, I have an existing deployment server and I'm reviewing the average network bandwidth of the server. Tha...

by Path Finder in

The Client forwarder management not showing the clients

Dears, After upgraded Splunk from 9.1.2 version to 9.2.0 version, the deployment server not showing the clie...

by Explorer in

KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION )

After completing the upgrade from Splunk Enterprise version 9.3.3 to v9.4 the KVstore will no longer start. Splunk ha...

by Path Finder in

CM redundancy and cluster/manager/ha_active_status response

Hello, we're implementing a distributed clustered infrastructure with CM redundancy, between the indexers/search he...

by Explorer in

Why is the KV Store status is showing as "starting" in Search Head Cluster?

We created a KV Store in a search head in clustered architecture, by adding the files collections.conf and transforma...

by Explorer in

Newbie question: How to/Should I set up a deployment server in the docker compose trial

Hi, we just started testing/experimenting with Splunk. Followed a Splunk4Rookies workshop but that focussed on the ...

by Engager in

query to check fixup , SF, RF and data is searchable in splunk

Is there is any query to check like if there is any fixup pending and also it shows SF , RF and data is searchable i...

by Path Finder in

Splunkforwarder 9:.3 failing in docker desktop

We are trying to run the splunk forwarder local to fix few vulnerabilities and getting the following error message an...

by Path Finder in

Splunk 9.3+ Deployment on CIS Red Hat 9 level 1 image - No GUI

Hey Splunk Community, I was wondering if anyone has figured out what is the cause for the GUI not to work at all in...

by Explorer in

Can't see the 'Install app from file' option (on search head cluster)

After downloading an app from splunkbase, I got the following page - On the server, after clicking Mange A...

by Ultra Champion in

Can I integrate my ServiceNow instance with my Splunk dev environment?

I have ServiceNow developer instance. Can I integrate with my Splunk dev environment. The Splunk Add on I am try in...

by Path Finder in

Deployment app on multiple serverclass

I wanted to add same base configuration for workstations and have serverclasses divided by organizations but base app...

by Loves-to-Learn Lots in

Deployment Server Uninstalling App from UF

We have clustered Deployment Servers (with NFS shared drive) because we have total of clients tens of thousands at th...

by Loves-to-Learn Lots in

Collect SunOS-SPARC Logs

Hello Splunkers! I am looking for a way to collect the SunOS-SPARC OS logs. After some research, I have tried to up...

by Engager in

Splunk icons for deployment document

Where can I find the icons that I can use for a splunk architecture diagram?

by Explorer in

How to handle homePath, coldPath and thawedPath on a single disc (mount) best praxis

Without a tiered storage model it seems like there would be little argument for using cold/frozen storage. Except pot...

by Contributor in

Why are not all indexes searchable when i have 1 broken indexer out of 2?

I have 2 indexers in a cluster. One is down and one is up. All buckets are there on the indexer that is up but still ...

by Observer in

Presenting Splunk Large-Scale Design with Mermaid / Draw.io or similar products

hi Folks, I’m preparing to present a large-scale Splunk design to stakeholders and want to make it interac...

by Super Champion in

Re-add search head.

I tried to run ./splunk remove shcluster-member -mgmt_uri https://<CAPTAIN_IP>:8089 on the non-captain search head, w...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Deployment Architecture

Discussions

Moving Indexers to a New Site with RF Adjustments

Step by Step to upgrade Splunk?

Does Splunk support both SSO and token authentication at the same time?

Doubt in indexer clustering

System not hashing sslPassword server.conf

Mutlisite SHC

Recommended Deployment Server Size

The Client forwarder management not showing the clients

KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION )

CM redundancy and cluster/manager/ha_active_status response

Why is the KV Store status is showing as "starting" in Search Head Cluster?

Newbie question: How to/Should I set up a deployment server in the docker compose trial

query to check fixup , SF, RF and data is searchable in splunk

Splunkforwarder 9:.3 failing in docker desktop

Splunk 9.3+ Deployment on CIS Red Hat 9 level 1 image - No GUI

Can't see the 'Install app from file' option (on search head cluster)

Can I integrate my ServiceNow instance with my Splunk dev environment?

Deployment app on multiple serverclass

Deployment Server Uninstalling App from UF

Collect SunOS-SPARC Logs

Splunk icons for deployment document

How to handle homePath, coldPath and thawedPath on a single disc (mount) best praxis

Why are not all indexes searchable when i have 1 broken indexer out of 2?

Presenting Splunk Large-Scale Design with Mermaid / Draw.io or similar products

Re-add search head.

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Does a props/transforms.conf Visio stencil exist?

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...