Deployment Architecture

Community Activity

Deploy/upgrade SHC app to single search head node for testing Hello, is it possible to push/upgrade a SHC app to single search head for testing, in a production cluster?Thanks. by splunkreal Motivator in Deployment Architecture Monday 0 2	0	2
Splunk cluster in Docker / Kubernetes (Containerization) Hello, anyone had experience with containers for Splunk cluster? Does it fit SHC kvstore for instance or indexers? An... by splunkreal Motivator in Deployment Architecture Thursday 0 4	0	4
Conf File Variables I'm reverse engineering UF configs from an old deploy server that we're replacing and am running into variables in co... by jdmeek Explorer in Deployment Architecture Wednesday 0 2	0	2
question related to search head captain Hello.I have some question about the captain selection process.(i am very new to splunk its only been 2 months so if ... by jatin3101 Engager in Deployment Architecture 2 weeks ago 0 6	0	6
Splunk Data Lake support Can you clarify Splunk Data Lake support around schema (schema-on-read vs enforced), available APIs for ingest/query,... by ARC1 Loves-to-Learn in Deployment Architecture 2 weeks ago 0 11	0	11
how to setup Veeam app in distributed environment Hello,Veeam App for Splunk how do you install/configure the Veeam App in a distributed environment? Search Head Clust... by Andre_ Path Finder in Deployment Architecture 12-07-2025 0 3	0	3
Deployment server not deploying apps to clients DS version 9.4.5 hi All, Got a very strange issue. DS version 9.4.5. OS rhel 8+DS is not deploying app to clients. Deploy server is e... by Singhk1 Engager in Deployment Architecture 12-02-2025 0 2	0	2
splunk_internal_telemetry:53 - Failed to send telemetry event: [HTTP 401] Client is not authenticated Hei,Getting these messages constantly: Splunk Version 9.4.0 - Running on WindowsLogFile: python.log2025-01-31 23:24:1... by robxzy New Member in Deployment Architecture 12-01-2025 0 1	0	1
Splunk Remote Upgrader for Linux Universal Forwarders from Deployment Server We are attempting to upgrade Splunk Universal Forwarders using the UF Remote Upgrade Add-on.As per Splunk documentati... by msmadhu Path Finder in Deployment Architecture 12-01-2025 0 5	0	5
Best practice to integrate Citrix mcs to Splunk Hi, Splunkers, Can someone suggest what is the best practice to integrate Citrix mcs to Splunk? Our case is, we can'... by dantimola Communicator in Deployment Architecture 11-27-2025 0 3	0	3
Distributed Development About defining fixed roles meaningSh should only do searchIdx should only do indexingHf should only do log ingestion ... by Zombiesunday261 New Member in Deployment Architecture 11-20-2025 0 2	0	2
High Percentage of Small Buckets on Indexer – Mostly on _internal Index Hi Splunkers,I’m seeing a “Percentage of small buckets is high” health warning on one of my indexers.The alert shows:... by sanjai Path Finder in Deployment Architecture 11-20-2025 0 1	0	1
Intermediate forwarder auditing Consider email headers which show all the steps involved in getting the email item from where it was sent to where it... by cmeo-bcit Explorer in Deployment Architecture 11-16-2025 0 5	0	5
Why is the metadata type=hosts command for *nix search heads showing incorrect lastTime and recentTime? I am using the metadata type=host command to alert me when a forwarder goes down and am now wanting to extend it to s... by hlarimer Communicator in Deployment Architecture 11-12-2025 1 12	1	12
Steps to Migrate Splunk Enterprise (All-in-One) Instance to a New Splunk Enterprise Cluster Hi everyone,I’m currently planning to migrate an existing Splunk Enterprise All-in-One instance (Search Head + Indexe... by rayleigh29 Explorer in Deployment Architecture 11-06-2025 0 1	0	1
How to configure Splunk Forwarder inputs.conf on multiple Windows clients (no Forwarder Management option shown) Hello everyone,I have a small lab environment with one Windows Server (running Splunk Enterprise Trial) and three Win... by Sam_Kurdy Engager in Deployment Architecture 11-03-2025 0 5	0	5
Splunk Attack Range v4 Local Ubuntu Hi!Is it possible to deploy a local attack range with Ubuntu? I read from splunk github repo that running this locall... by BrenDLSantos New Member in Deployment Architecture 10-23-2025 0 0	0	0
How Do I Move Data from my Indexes to an S3 Bucket in a Text or CSV format? Hi all,I'm looking for a way to copy all of the logging from an index to an S3 bucket on my company account.Ideally, ... by dexcare-techops Engager in Deployment Architecture 10-20-2025 0 3	0	3
How to enable clustering ? Hi,Please guide me how to enable clustering (splunk enable cluster-master, splunk edit cluster-config) for one insta... by _Raj Explorer in Deployment Architecture 10-19-2025 0 5	0	5
What is the meaning of "LocalCollector - Final required fields list" and the list of fields afterward (in search.log)? What is the significance of the list of fields in "search.log", in the line that contains "INFO LocalCollector - Fin... by andrewaalin Explorer in Deployment Architecture 10-07-2025 3 2	3	2
Active Directory Deployment Failure in Splunk Attack Range Build I encountered an issue where the Active Directory configuration, despite being set in attack_range.yml, failed to pro... by zksvc Contributor in Deployment Architecture 10-05-2025 0 0	0	0
How to replicate non clustered buckets to clustered data Hi we wanted to migrate standalone indexer to multisite cluster, with 2 site.Below are my questions1. Can I find out... by bapun18 Communicator in Deployment Architecture 10-04-2025 0 2	0	2
Splunk Server OS Security patching Hello,Our operations team is supposed to perform OS Security patching on indexer cluster, search head, Heavy Forwarde... by maheshnc Path Finder in Deployment Architecture 09-25-2025 0 3	0	3
ingesting syslog data I want to ingest syslog from different devices like ESXI Hosts, firewalls (fortigate, palo alto), switches can somebo... by maheshnc Path Finder in Deployment Architecture 09-23-2025 0 9	0	9
KVStore does not start when running Splunk 9.4 I am posting this to maybe save you from few hours of troubleshooting like I did.I did clean install of Splunk 9.4 in... by MaverickT Communicator in Deployment Architecture 09-22-2025 0 7	0	7