Deployment Architecture

Thread Info

CSV lookup files distribution to all instances in a Splunk cluster?

Hello there! I am currently managing a Splunk Enterprise clustered environment, where I have implemented a scheduled ...

by Engager in

Forwarder Management All clients phoning home later than expected

We have a stand-alone splunk instance in a closed area. We had to roll back the server to a snapshot and now the clie...

by New Member in

RF and SF are not meeting up

Suddenly we observed /opt/data was unmounted, and ownership has changed from splunk to root. Mounted back and restart...

by Observer in

Does a props/transforms.conf Visio stencil exist?

I see multiple versions of the inputs.conf Visio stencil however I'm looking for props.conf and transforms.conf ones....

by Motivator in

How to take back up and restore saved searches in a search head clustered environment

by Splunk Employee in

SC4S with Keepalived

Hello, 2 questions but the second is more of a keepalived question than it is an SC4S question. First question is...

by Path Finder in

Error Ingest Data AWS Cloudtrail "error=Traceback (most recent call last):"

Hi Everyone, I encountered an error while ingesting sourcetype=aws:cloudtrails in AWS Apps. I attempted to ingest ...

by Communicator in

Configure SAML authentication for a search head cluster using Amazon Application Load Balancer

Hello, I am Looking for details of anyone that has successfully setup a enterprise search head cluster that is beh...

by Observer in

Playbook not showing

Hi I have created a playbook and am trying to run it from an event. But the playbook does not populate when I click o...

by Observer in

Splunk SOAR playbook Crowdstrike validation

I have playbook that validates a url given and assigns scores to it. I am able to run the playbook successfully but d...

by Observer in

Openshift Support for Splunk Universal Forwarder Docker Image

The splunk universal forwarder image currently is not compatible with OpenShift. The image architecture requires the ...

by Engager in

targetRepositoryLocation only working in global?

Hello I am unable to configure targetRepositoryLocation in serverclass.conf. Only seems o work in global. Is anyone e...

by Champion in

Heavy Forwarder Data flow

Hello Splunkers, I have a question around Splunk Architecture, would greatly appreciate the inputs from Architects....

by Path Finder in

jQuery Upgrade Issue - Need Guidance

Hi Splunkers, I received a notice about upgrading jQuery to version 3.5 or higher, and I ran a jQuery scan through ...

by Path Finder in

How to add a new search head to an existing SHC?

Hello , we are planning to add a new search head to our existing search head cluster. What are the steps I need to fo...

by Explorer in

Running Cluster Masters for servers on Different RHEL version

I am upgrading from RHEL 7 to RHEL 8 in light of end of support for Red Hat. We have a clustered environment. We have...

by Communicator in

Intermediate forwarders - queues blocked - TCP in refused for uptream forwarder

Hi splunkers. I would like to understand a tricky point. I'm using a distributed environment with 2 inte...

by Explorer in

Splunk SOAR Playbook Virustotal output IP Reputation

I've obtained this information from VirusTotal, and I want to create a playbook to check IP reputation and retrieve t...

by Communicator in

Splunk data migration from Splunk cloud to other tool

I just needed some help from Splunk regarding a request from our clients. So, a client is migrating from Splunk to Se...

by Path Finder in

The Client forwarder management not showing the clients

Dears, After upgraded Splunk from 9.1.2 version to 9.2.0 version, the deployment server not showing the clie...

by Explorer in

can we split a big shcluster to two small one?

Now we have a big shcluster for many department users, for some reason, we must spilt a department for independent us...

by Explorer in

Discrepancies between DMC server view and actual server view

I had a few questions over how the DMC gathered its information for server specifications and how to extract them. ...

by Communicator in

Can I add UBA servers as deployment server clients?

Splunk PS installed UBA a while back, and I just noticed that we are not getting OS logs from those servers into Splu...

by Path Finder in

Splunk 9.3+ Deployment on CIS Red Hat 9 level 1 image - No GUI

Hey Splunk Community, I was wondering if anyone has figured out what is the cause for the GUI not to work at all in...

by Explorer in

Suddenly, Splunk stops working

Hi all, I have a Splunk server, that suddenly stops working, and i don't know why. I've added the 'Splunk enable ...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Deployment Architecture

Discussions

CSV lookup files distribution to all instances in a Splunk cluster?

Forwarder Management All clients phoning home later than expected

RF and SF are not meeting up

Does a props/transforms.conf Visio stencil exist?

How to take back up and restore saved searches in a search head clustered environment

SC4S with Keepalived

Error Ingest Data AWS Cloudtrail "error=Traceback (most recent call last):"

Configure SAML authentication for a search head cluster using Amazon Application Load Balancer

Playbook not showing

Splunk SOAR playbook Crowdstrike validation

Openshift Support for Splunk Universal Forwarder Docker Image

targetRepositoryLocation only working in global?

Heavy Forwarder Data flow

jQuery Upgrade Issue - Need Guidance

How to add a new search head to an existing SHC?

Running Cluster Masters for servers on Different RHEL version

Intermediate forwarders - queues blocked - TCP in refused for uptream forwarder

Splunk SOAR Playbook Virustotal output IP Reputation

Splunk data migration from Splunk cloud to other tool

The Client forwarder management not showing the clients

can we split a big shcluster to two small one?

Discrepancies between DMC server view and actual server view

Can I add UBA servers as deployment server clients?

Splunk 9.3+ Deployment on CIS Red Hat 9 level 1 image - No GUI

Suddenly, Splunk stops working

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Why are there multiple results from the reporting ...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions