Deployment Architecture

Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
superhm

How do you make sure that a specific index of the indexers can be searched from the search head?

Hello. In the distributed search function, I want to make sure that specific index of the indexers can be searched f...
by superhm Explorer in Deployment Architecture 03-31-2019
0 2
0
2
joesrepsolc

Why can't I get the deployer to push apps to search head cluster members after a new Splunk installation?

Having this same issue now on a brand new Splunk setup (7.2.2). Search head cluster is (3), and (1) deployer. I got e...
by joesrepsolc Communicator in Deployment Architecture 03-29-2019
0 5
0
5
swmishra_splunk

Data getting duplicated due to the error:WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file

I have a source logfile /var/splunk/log/user.log.I am sending the data from UF--->HF-->Indexer. And I am seeing the d...
by swmishra_splunk Splunk Employee Splunk Employee in Deployment Architecture 03-28-2019
0 0
0
0
jeff

what is a hot_quar_v1_ directory, vs standard hot_v1_?

According to documentation, and generally speaking in action, hot buckets are named hot_v1_<id> ... but I am no...
by jeff Contributor in Deployment Architecture 03-28-2019
3 6
3
6
yutaka1005

I can't get fully results in distributed search.

When I have searched in search head, following message was displayed. error: Some events cannot be displayed because...
by yutaka1005 Builder in Deployment Architecture 03-28-2019
0 2
0
2
nayuki

Search Head Cluster Node fall in a restarting loop

I deploy a Splunk Index Cluster, like following 10.6.113.25 (peer node)10.6.113.26 (master node)10.6.113.27 (peer no...
by nayuki New Member in Deployment Architecture 03-27-2019
0 2
0
2
splunkmajeure

Splunk logs filling drive

We have Splunk logs for Win 8.1 PCs that generate an excessive number of ~130MB log dumps in some cases. \[client]\c$...
by splunkmajeure New Member in Deployment Architecture 03-27-2019
0 0
0
0
rbal_splunk

How to add a new Search Head Cluster member to an existing SHC group if we have lost the secret key?

I have a 7 Node Search Head Cluster pool that was set up using a secret key. Unfortunately we lost secret and now we ...
by rbal_splunk Splunk Employee Splunk Employee in Deployment Architecture 03-27-2019
0 2
0
2
damucka

'anomalydetection' command: limit for values of field '_raw' reached.

Hello, I am trying to deploy the anomalydetection command and get the following warning: 'anomalydetection' command...
by damucka Builder in Deployment Architecture 03-27-2019
0 0
0
0
digisplunker

enabling search head on a single index in a index cluster

I am in a situation where we have a PROD and DR index cluster in seperate data centers. our prod index cluster has mo...
by digisplunker New Member in Deployment Architecture 03-26-2019
0 1
0
1
tomasmoser

Interconnect two deployment servers managed by two different departments

Hi Experts, due to politics I have a huge Deployment server problem. Please help me out. What is the viable and feas...
by tomasmoser Contributor in Deployment Architecture 03-26-2019
0 3
0
3
sonicZ

enabling search head on a single clustered indexer

I am in a situation where we have a PROD and DR index cluster in seperate data centers. Recently our prod index clus...
by sonicZ Contributor in Deployment Architecture 03-26-2019
0 2
0
2
jiaqya

Can you help me with my upgrade plans for 6.5.2?

Hi, I just need a suggestion on upgrade path. i have 6.5.2 version installed on SH/Indexer and Forwarders. How to...
by jiaqya Builder in Deployment Architecture 03-26-2019
0 5
0
5
robertlynch2020

Splunk is causing (Resource temporarily unavailable) on the systems i am monitoring

Splunk is causing the following error on the application we are running - (Resource temporarily unavailable) I have ...
by robertlynch2020 Influencer in Deployment Architecture 03-26-2019
0 6
0
6
huajieyang

Missing data in splunk while restart

I have a splunk forwarder monitoring a folder and forward it to splunk server. However during reboot of splunk server...
by huajieyang New Member in Deployment Architecture 03-25-2019
0 1
0
1
eholz1

Forwarding vs. Receiving - Local Inputs vs. Forwarded inputs

Hello All, This forum is a great help. I had yet to resolve an issue with splunk forwarding and receiving. I have a ...
by eholz1 Builder in Deployment Architecture 03-25-2019
0 1
0
1
mship

Connectivity between depolyment client and indexer

I am receiving the following message in the splunkd log on my UF (windows) 01-11-2013 09:47:35.129 -0500 ERROR TcpOu...
by mship Path Finder in Deployment Architecture 03-25-2019
0 8
0
8
damonmanni

How do I delete data from just one specific index on one specific indexer in a cluster to free up disk space?

layout: I have indexer cluster consisting of 3 indexers(ind-a, ind-b, ind-c). Replication and search factor is set t...
by damonmanni Path Finder in Deployment Architecture 03-25-2019
0 0
0
0
pedroponchio

How to migrate a clustered indexer peer to a new hardware in a single-site cluster

Wondering if someone has gone through a hardware migration of a clustered indexers environment. Long story short, we ...
by pedroponchio Explorer in Deployment Architecture 03-25-2019
0 5
0
5
rashid47010

anti virus status on linux servers

There are serveral linux/unix/suse servers where antivirus solution is not installed. what is the query to get the l...
by rashid47010 Communicator in Deployment Architecture 03-25-2019
0 3
0
3
yossefn

What is the right order to change NTP setting in a clustered environment?

Hi, I need to change the NTP settings (in /etc/ntp.conf file) in a clustered environment (3 Indexers in cluster). ...
by yossefn Path Finder in Deployment Architecture 03-25-2019
0 4
0
4
gibranduatiga

Small Deployment Splunk for SOC

Now I want to learn to make Splunk on a small scale for SOC, but before that, let me give you a picture of the topolo...
by gibranduatiga New Member in Deployment Architecture 03-24-2019
0 2
0
2
ananth402

Bucket _time span=day and Date Time Range Issue

I have the following source: </input> <input type="time" token="timeRange" searchWhenChanged="true"> <l...
by ananth402 Explorer in Deployment Architecture 03-23-2019
0 1
0
1
amoldesai

How to migrate data in an indexer cluster to a new indexer cluster instance?

Hi, We have an application running in production on Splunk Enterprise version 6.5.1. The data available in the prod...
by amoldesai Explorer in Deployment Architecture 03-22-2019
0 5
0
5
manubweb

[Distributed Splunk] Cluster index : don't see green line in Topology

Hello I am configuring a splunk in distributed mode. a mastera searchheadfive indexersone forwarder On the master i...
by manubweb New Member in Deployment Architecture 03-22-2019
0 0
0
0
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...
Top Solution Authors
View All