Deployment Architecture

Start a Conversation

Discussions

Start a Conversation

Thread Info

How should I go about Splunk DDAA storage?

Hi, In Splunk cloud environment we are using Splunk DDAA to archive the data for 1 year(DDAA retention period). Bu...

by New Member in

Search Head in a Search Head Cluster is in manual detention, but still taking searches?

I need to upgrade a Search Head Cluster from 7.3.4 to 8.1.9 and I have run the first two commands: splunk upgrade-...

by Communicator in

Where to check the clock skew?

I have issues with clustering .I tried running the resync command but it says "Downloaded an old snapshot created 100...

by Builder in

What is the best naming convention for serverclasses?

Hello, I'm currently trying to update our Splunk environment, but one problem I'm having is getting our server clas...

by Engager in

VM Resource Spec for Dedicated Deployment Server- Is there a limit of number of forwarders?

Is there a limit of number of forwarders that a single dedicated deployment server can connect with? We're trying ...

by New Member in

In Two-Tiered Splunk Deployment Server Architecture, do we need to do the command splunk reload deploy-server twice?

We are planning to migrate to a Two-Tiered Splunk Deployment Server Architecture. Do we have guidelines that we can c...

by Communicator in

What configuration do I need to change to make owner and permission of the app not to change?

The deployment server and the UF both run on linux. In deployment server the app owned by splunk: splunk but when I ...

by Loves-to-Learn Lots in

How many gateways can be deployed for 5000 collectors?

Hi Community Please suggest how many gateways can be deployed for 5000 collectors?

by Loves-to-Learn in

How to evict buckets from smartstore cache?

I'm testing Smartstore feature and I would like to test search performance when all buckets have to be downloaded fro...

by New Member in

How to resolve this error: add-ons TA-Webtools curl post invalid format json?

I need to make a POST using the TA-Webtools addons curl, for the following json, but this problem is happening.I've d...

by Loves-to-Learn in

Why is hub2 unable to contact MCN?

Hello all, My setup has 2 hubs, Hub1 with 2 indexers and a Master Cluster node and hub2 with another 2 indexe...

by Explorer in

Search Head Cluster - can't add members after captain bootstrap (8.1.2)?

I am rebuilding a SH cluster from scratch. I've followed the documentation carefully to this point. I have the shclus...

by Path Finder in

How to Install 2 version of DB Connect in the same instance?

Hi Splunkers , As the Subject mentions , I want to run 2 version of Splunk DB connect on the same instance .Existi...

by Observer in

How to move indexed data from default directory to custom directory?

Hello All, I want to move my indexed data from the default directory i.e. /opt/splunk/var/lib/splunk to a differen...

by Explorer in

How would I set up a Multisite and Single-Site Environment?

Hey everybody, I am trying to set up a mix of multisite and single-site indexer cluster in an splunk enterprise en...

by Path Finder in

Why does multisite clustering require 1 manager node?

I have a question about studying multi-site clustering. In a multi-site clustering environment, search heads and pe...

by Path Finder in

How to resolve "ERROR KVStorageProvider - An error occurred during the last operation" in indexers

Hi Team , We are getting the below internal errors in majority of our indexers "timestamp ERROR KVStorageProvider...

by Path Finder in

[HEC] SHIFT-JIS Character recognition

I have some data that is being collected from an AWS lambda and delivered to Splunk via HEC with the listeners on the...

by Splunk Employee in

Replication errors : having artifact replication issues between the SHs

In SHC with the version 8.2.10, from time to time we found this type of ERROR messages from SHCRepJob as below; - s...

by Splunk Employee in

splunk default user

When I install Splunk Enterprise or Splunk universal forwarder on Linux I note that by default making a new user name...

by Explorer in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

How should I go about Splunk DDAA storage?

Search Head in a Search Head Cluster is in manual detention, but still taking searches?

Where to check the clock skew?

What is the best naming convention for serverclasses?

VM Resource Spec for Dedicated Deployment Server- Is there a limit of number of forwarders?

In Two-Tiered Splunk Deployment Server Architecture, do we need to do the command splunk reload deploy-server twice?

What configuration do I need to change to make owner and permission of the app not to change?

How many gateways can be deployed for 5000 collectors?

How to evict buckets from smartstore cache?

How to resolve this error: add-ons TA-Webtools curl post invalid format json?

Why is hub2 unable to contact MCN?

Search Head Cluster - can't add members after captain bootstrap (8.1.2)?

How to Install 2 version of DB Connect in the same instance?

How to move indexed data from default directory to custom directory?

How would I set up a Multisite and Single-Site Environment?

Why does multisite clustering require 1 manager node?

How to resolve "ERROR KVStorageProvider - An error occurred during the last operation" in indexers

[HEC] SHIFT-JIS Character recognition

Replication errors : having artifact replication issues between the SHs

splunk default user

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

How should I go about Splunk DDAA storage?

SSH Weak Key Exchange Algorithms Enabled

"All Configurations" timeout issue while accessing...

Configuration Bundle Actions Last Validate and Che...

How to return old version of distsearch.conf file?