Deployment Architecture

Discussions

Thread Info

Splunk Attack Range v4 Local Ubuntu

Hi!Is it possible to deploy a local attack range with Ubuntu? I read from splunk github repo that running this locall...

by New Member in

How Do I Move Data from my Indexes to an S3 Bucket in a Text or CSV format?

Hi all, I'm looking for a way to copy all of the logging from an index to an S3 bucket on my company account. Ide...

by Engager in

How to enable clustering ?

Hi, Please guide me how to enable clustering (splunk enable cluster-master, splunk edit cluster-config) for one in...

by Explorer in

What is the meaning of "LocalCollector - Final required fields list" and the list of fields afterward (in search.log)?

What is the significance of the list of fields in "search.log", in the line that contains "INFO LocalCollector - Fina...

by Explorer in

Active Directory Deployment Failure in Splunk Attack Range Build

I encountered an issue where the Active Directory configuration, despite being set in attack_range.yml, failed to pro...

by Contributor in

How to replicate non clustered buckets to clustered data

Hi we wanted to migrate standalone indexer to multisite cluster, with 2 site. Below are my questions 1. Can I fi...

by Communicator in

Splunk Server OS Security patching

Hello, Our operations team is supposed to perform OS Security patching on indexer cluster, search head, Heavy Forwa...

by Path Finder in

Splunk Remote Upgrader for Linux Universal Forwarders from Deployment Server

We are attempting to upgrade Splunk Universal Forwarders using the UF Remote Upgrade Add-on. As per Splunk document...

by Path Finder in

ingesting syslog data

I want to ingest syslog from different devices like ESXI Hosts, firewalls (fortigate, palo alto), switches can somebo...

by Path Finder in

KVStore does not start when running Splunk 9.4

I am posting this to maybe save you from few hours of troubleshooting like I did.I did clean install of Splunk 9.4 in...

by Communicator in

Is there a limit to how many Search Heads can be part of a Cluster?

Is there a limit to how many Search Heads can be part of a Cluster? We have a fairly large deployment and I wanted...

by Explorer in

How i can remove unused fields in extracted fields using "Delimiters" ?

Hi all, I’m extracting fields from an event using the Field Extractor with a pipe (|) delimiter for sourcetype=aler...

by Contributor in

Remote Upgrader for linux uf

I have already deliver the splunk remote upgrader tgz ,with depoyment server. Can i deliver a script too to automat...

by Loves-to-Learn in

Splunk Monitoring Console HA Set-up

Hi, I have a requirement to implement the Splunk Monitoring Console (DMC) in a High Availability (HA) setup. At pre...

by Explorer in

KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION )

After completing the upgrade from Splunk Enterprise version 9.3.3 to v9.4 the KVstore will no longer start. Splunk ha...

by Path Finder in

inflight file clean up

In my indexer cluster, one of my indexers has inflight files in the cold and warm storage that range from 1.5-2 month...

by Explorer in

SC4S vs “syslog servers tier”

Why SC4S over a generic “syslog servers tier” 1. It is Splunk’s best practice todaySplunk Validated Architectures c...

by Communicator in

Deployment Server: Duplicate clients after reinstalling the UF

Hi I hope you are doing well. I have reinstalled the UF after that i found there are duplicate clients on the D...

by Path Finder in

Can universal forwarders have 2 different deployment server IPs in case the first fails?

I have UFs in the DMZ and internal networks with a load balancer managing traffic between both zones. There is a sing...

by Path Finder in

splunkforwarder 9.x requires tty enabled in k8s sidecar?

Hello folks, We are doing splunkforwarder upgrade to 9.4.x (from 8.x) recently, we build the splunk sidecar image f...

by New Member in

Search head keeps failing in search head cluster

This was the search head that kept failing: splunk > /appl/splunk/bin/splunk show shcluster-status -auth admin:adm...

by New Member in

Settings for 1year retention period

I have this small Splunk Enterprise deployment in a lab that's air gapped. So I setup this deployment about 18 mont...

by Communicator in

How can I deploy the TA_nix on the deployment server?

What would be the proper way to deploy the TA_nix on the deployment server, is the reload option available or do I ne...

by Motivator in

How does the deployment server deploy to itself?

I have two DSs that fail to deploy the TA_nix to themselves, how is it normally done? meaning how does the deployment...

by Motivator in

UBA Installation LVM Volume management

Hi Everyone, I am in the process of installing Splunk UBA and have a question regarding the storage partitioning re...

by Contributor in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Splunk Attack Range v4 Local Ubuntu

How Do I Move Data from my Indexes to an S3 Bucket in a Text or CSV format?

How to enable clustering ?

What is the meaning of "LocalCollector - Final required fields list" and the list of fields afterward (in search.log)?

Active Directory Deployment Failure in Splunk Attack Range Build

How to replicate non clustered buckets to clustered data

Splunk Server OS Security patching

Splunk Remote Upgrader for Linux Universal Forwarders from Deployment Server

ingesting syslog data

KVStore does not start when running Splunk 9.4

Is there a limit to how many Search Heads can be part of a Cluster?

How i can remove unused fields in extracted fields using "Delimiters" ?

Remote Upgrader for linux uf

Splunk Monitoring Console HA Set-up

KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION )

inflight file clean up

SC4S vs “syslog servers tier”

Deployment Server: Duplicate clients after reinstalling the UF

Can universal forwarders have 2 different deployment server IPs in case the first fails?

splunkforwarder 9.x requires tty enabled in k8s sidecar?

Search head keeps failing in search head cluster

Settings for 1year retention period

How can I deploy the TA_nix on the deployment server?

How does the deployment server deploy to itself?

UBA Installation LVM Volume management

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Splunk Attack Range v4 Local Ubuntu

Active Directory Deployment Failure in Splunk Atta...

State of SIR in ServiceNow not capturing

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions