Deployment Architecture

Community Activity

how to setup Veeam app in distributed environment Hello,Veeam App for Splunk how do you install/configure the Veeam App in a distributed environment? Search Head Clust... by Andre_ Path Finder in Deployment Architecture 2 weeks ago 0 3	0	3
Deployment server not deploying apps to clients DS version 9.4.5 hi All, Got a very strange issue. DS version 9.4.5. OS rhel 8+DS is not deploying app to clients. Deploy server is e... by Singhk1 Engager in Deployment Architecture 3 weeks ago 0 2	0	2
splunk_internal_telemetry:53 - Failed to send telemetry event: [HTTP 401] Client is not authenticated Hei,Getting these messages constantly: Splunk Version 9.4.0 - Running on WindowsLogFile: python.log2025-01-31 23:24:1... by robxzy New Member in Deployment Architecture 3 weeks ago 0 1	0	1
Splunk Remote Upgrader for Linux Universal Forwarders from Deployment Server We are attempting to upgrade Splunk Universal Forwarders using the UF Remote Upgrade Add-on.As per Splunk documentati... by msmadhu Path Finder in Deployment Architecture 3 weeks ago 0 5	0	5
Best practice to integrate Citrix mcs to Splunk Hi, Splunkers, Can someone suggest what is the best practice to integrate Citrix mcs to Splunk? Our case is, we can'... by dantimola Communicator in Deployment Architecture 3 weeks ago 0 3	0	3
Distributed Development About defining fixed roles meaningSh should only do searchIdx should only do indexingHf should only do log ingestion ... by Zombiesunday261 New Member in Deployment Architecture a month ago 0 2	0	2
High Percentage of Small Buckets on Indexer – Mostly on _internal Index Hi Splunkers,I’m seeing a “Percentage of small buckets is high” health warning on one of my indexers.The alert shows:... by sanjai Path Finder in Deployment Architecture a month ago 0 1	0	1
Intermediate forwarder auditing Consider email headers which show all the steps involved in getting the email item from where it was sent to where it... by cmeo-bcit Explorer in Deployment Architecture 11-16-2025 0 5	0	5
Why is the metadata type=hosts command for *nix search heads showing incorrect lastTime and recentTime? I am using the metadata type=host command to alert me when a forwarder goes down and am now wanting to extend it to s... by hlarimer Communicator in Deployment Architecture 11-12-2025 1 12	1	12
Steps to Migrate Splunk Enterprise (All-in-One) Instance to a New Splunk Enterprise Cluster Hi everyone,I’m currently planning to migrate an existing Splunk Enterprise All-in-One instance (Search Head + Indexe... by rayleigh29 Explorer in Deployment Architecture 11-06-2025 0 1	0	1
How to configure Splunk Forwarder inputs.conf on multiple Windows clients (no Forwarder Management option shown) Hello everyone,I have a small lab environment with one Windows Server (running Splunk Enterprise Trial) and three Win... by Sam_Kurdy Engager in Deployment Architecture 11-03-2025 0 5	0	5
Splunk Attack Range v4 Local Ubuntu Hi!Is it possible to deploy a local attack range with Ubuntu? I read from splunk github repo that running this locall... by BrenDLSantos New Member in Deployment Architecture 10-23-2025 0 0	0	0
How Do I Move Data from my Indexes to an S3 Bucket in a Text or CSV format? Hi all,I'm looking for a way to copy all of the logging from an index to an S3 bucket on my company account.Ideally, ... by dexcare-techops Engager in Deployment Architecture 10-20-2025 0 3	0	3
How to enable clustering ? Hi,Please guide me how to enable clustering (splunk enable cluster-master, splunk edit cluster-config) for one insta... by _Raj Explorer in Deployment Architecture 10-19-2025 0 5	0	5
What is the meaning of "LocalCollector - Final required fields list" and the list of fields afterward (in search.log)? What is the significance of the list of fields in "search.log", in the line that contains "INFO LocalCollector - Fin... by andrewaalin Explorer in Deployment Architecture 10-07-2025 3 2	3	2
Active Directory Deployment Failure in Splunk Attack Range Build I encountered an issue where the Active Directory configuration, despite being set in attack_range.yml, failed to pro... by zksvc Contributor in Deployment Architecture 10-05-2025 0 0	0	0
How to replicate non clustered buckets to clustered data Hi we wanted to migrate standalone indexer to multisite cluster, with 2 site.Below are my questions1. Can I find out... by bapun18 Communicator in Deployment Architecture 10-04-2025 0 2	0	2
Splunk Server OS Security patching Hello,Our operations team is supposed to perform OS Security patching on indexer cluster, search head, Heavy Forwarde... by maheshnc Path Finder in Deployment Architecture 09-25-2025 0 3	0	3
ingesting syslog data I want to ingest syslog from different devices like ESXI Hosts, firewalls (fortigate, palo alto), switches can somebo... by maheshnc Path Finder in Deployment Architecture 09-23-2025 0 9	0	9
KVStore does not start when running Splunk 9.4 I am posting this to maybe save you from few hours of troubleshooting like I did.I did clean install of Splunk 9.4 in... by MaverickT Communicator in Deployment Architecture 09-22-2025 0 7	0	7
Is there a limit to how many Search Heads can be part of a Cluster? Is there a limit to how many Search Heads can be part of a Cluster? We have a fairly large deployment and I wanted t... by katelynengel Explorer in Deployment Architecture 09-19-2025 1 8	1	8
How i can remove unused fields in extracted fields using "Delimiters" ? Hi all,I’m extracting fields from an event using the Field Extractor with a pipe (\|) delimiter for sourcetype=alert:a... by zksvc Contributor in Deployment Architecture 09-19-2025 0 3	0	3
Remote Upgrader for linux uf I have already deliver the splunk remote upgrader tgz ,with depoyment server.Can i deliver a script too to automatica... by ShawnXie Loves-to-Learn in Deployment Architecture 09-17-2025 0 5	0	5
Splunk Monitoring Console HA Set-up Hi,I have a requirement to implement the Splunk Monitoring Console (DMC) in a High Availability (HA) setup. At presen... by srek3502 Explorer in Deployment Architecture 09-10-2025 0 5	0	5
KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION ) After completing the upgrade from Splunk Enterprise version 9.3.3 to v9.4 the KVstore will no longer start. Splunk ha... by triptraptresko Path Finder in Deployment Architecture 09-10-2025 5 2	5	2