Deployment Architecture

Ask a Question

Discussions

Thread Info

How do I find out how many indexes in my splunk environment?

Hey guys, I am relatively new to splunk, and I was wondering if there is a way to find out how many indexes are in...

by Engager in

Why do newly created indexes not show up on the search head?

Hi fellow Splunkers! I have a working distributed environment, containing an indexer cluster with a separate maste...

by SplunkTrust in

Splunk on Kubernetes - replication constraints

Hi, i am running Splunk on Kubernetes with SmartStore. In order to increase node CPU/memory utilization, I have co...

by New Member in

Cold to Frozen buckets question

Hi @All, I will explain my situation now: On my Splunk Enterprise (7.2.6) environment I have configured the option...

by New Member in

How to set a new pass4SymmKey password on a search head cluster deployer?

Hello, We have a Search head cluster in our environment and the person who set up the Deployer initially forgot th...

by Motivator in

Migrating files from etc/system to slave-apps in cluster

Hi, i was running a single indexer which has props / transforms in etc/system/local. The indexer was migrated to a...

by Builder in

Deployment Server - local folder not being pushed to Search Head cluster

On my Deployment server in the /opt/splunk/etc/deployment-apps directory, I have the Splunk_TA_f5-bigip app with a lo...

by Influencer in

Why is collectd service is not sending data to splunk on Ubuntu 16?

collectd service is not sending data to splunk on Ubuntu 16. Jan 28 08:07:10 cga2ubctd systemd[1]: Starting Statis...

by New Member in

Distributed Tracing View

Hi All, We have logs from IIS Servers and application service k8s pod logs which details TraceId, SpanId and pare...

by New Member in

The average load on our linux heavyforwarder is around 20, what can I do to reduce it and will increasing core count help in ways ?

The average load on our linux heavyforwarder is around 20. what can i do to reduce it and will increasing core count ...

by Path Finder in

Multi-site architecture - Is it possible to set different retention timeframes for the same index at two different sites?

In the multi-site architecture models, it is not clear what settings on retention are available to you. Is it poss...

by Path Finder in

How to create a splunk query that will list the applications on the members of the search head cluster?

i need a splunk query that will the list the applications on each member of the search head cluster. i am running the...

by Explorer in

Can we administer the serverclass.conf via the UI only?

Yesterday I saw the following within serverclass.conf - [serverClass:<name>] whitelist.0 = <server1>.<domain>.com...

by Motivator in

timechart span not working

index="myindex" cluster="mycluster" http_request="/" | bucket _time span=5m | timechart count by x_forwarded_for useo...

by Explorer in

Whats the best practice to manage app deployment on non-clustered indexers managed by deployment server ?

Everytime I do splunk reload deploy-server, it restarts both the Indexers (which are being managed by DS), which is o...

by Motivator in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

How do I find out how many indexes in my splunk environment?

Why do newly created indexes not show up on the search head?

Splunk on Kubernetes - replication constraints

Cold to Frozen buckets question

How to set a new pass4SymmKey password on a search head cluster deployer?

Migrating files from etc/system to slave-apps in cluster

Deployment Server - local folder not being pushed to Search Head cluster

Why is collectd service is not sending data to splunk on Ubuntu 16?

Distributed Tracing View

The average load on our linux heavyforwarder is around 20, what can I do to reduce it and will increasing core count help in ways ?

Multi-site architecture - Is it possible to set different retention timeframes for the same index at two different sites?

How to create a splunk query that will list the applications on the members of the search head cluster?

Can we administer the serverclass.conf via the UI only?

timechart span not working

Whats the best practice to manage app deployment on non-clustered indexers managed by deployment server ?

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

minIO as frozen logs storage for Splunk

default_namespace on SHC

web-features.conf in Clustered Environment

Splunk integration with LastPss error as "Refused ...

Rebalancing script