Deployment Architecture

Community Activity

Is there a REST API call to apply shcluster-bundle with the deployer? We need a fast and easy way to push changes to our three search head clusters and need a way to deploy updated config... by Kyle_Jackson Explorer in Deployment Architecture 03-19-2019 1 7	1	7
What takes precedence, index.conf on Universal Forwarder, or Forwarder Management I have just set up forwarder management, and I have noticed that while all my 'apps' are showing as deployed to my cl... by kmower Communicator in Deployment Architecture 03-19-2019 0 9	0	9
Why is there a long delay logging into Splunk on the latest Linux version? I'm running the latest 7.2.5 Linux version, but even in the last few previous versions, when connecting to Splunk and... by aleivo Engager in Deployment Architecture 03-19-2019 0 3	0	3
Parsing default.meta with python Hi, in our deployment pipeline we want to check the config of an app. At the moment I try to parse the default.meta ... by kbroeker New Member in Deployment Architecture 03-19-2019 0 0	0	0
What is multisite cluster retention policy? Hi there, A question regarding the retention policy approach in a clustered multi site-cluster two sites with each ... by hiph151 Explorer in Deployment Architecture 03-18-2019 0 1	0	1
Search Head Cluster - error when try to push change - "insufficient permission to access this resource" Received "insufficient permissions to access this resource" but when I try to run it again, to enter the correct acco... by kcooper Communicator in Deployment Architecture 03-18-2019 0 4	0	4
Bulk loading DB_inputs for DBConnect - with rising column mode Just wondering if there is anyone out there that has successfully managed to add in multiple new inputs to DBconnect ... by kozanic_FF Path Finder in Deployment Architecture 03-17-2019 0 2	0	2
Slow Performance in the Deployment Server UI All, I have about 2658 devices checking into our deployment server (CentOS 6.6, x64, Splunk 6.41) 8vCPU/16gigs ram ... by daniel333 Builder in Deployment Architecture 03-16-2019 0 27	0	27
Why is the search head not connecting to deployment server? Hi, While doing some clean-up, I noticed that we have two apps on our stand-alone SH that are essentially duplicates... by a212830 Champion in Deployment Architecture 03-15-2019 0 3	0	3
Question regarding Search head clustering Hi We have a small Splunk environment with one search head and one indexer, both in the same server box. Due to the... by pdantuuri0411 Explorer in Deployment Architecture 03-15-2019 1 5	1	5
When trying to monitor two logs file formal from the same directory, why is it throwing an error: Parameters must be in the form '-parameter value'? Hi, I'm trying to monitor 2 logs file format (.out & .err) from a same directory (/var/splunkdata). I use the CLI ... by clementros Path Finder in Deployment Architecture 03-15-2019 0 3	0	3
Search head cluster - changing dispatch.ttl for reports I want to add the dispatch.ttl=1800 to few reports which otherwise keep the search artifacts for 2p time. 1. Is there... by patilsonali1729 Path Finder in Deployment Architecture 03-14-2019 0 2	0	2
how do we store the data to splunk cloud from web application as free cloud account how do we store the data to splunk cloud from web application as free cloud account. Is there any api available to st... by sakthivelgo New Member in Deployment Architecture 03-14-2019 0 0	0	0
Max warm settings exceeded, but cold is still empty I am looking through my indexes, and I see that my busiest one is not responding at all how I thought I had it config... by oliverj Communicator in Deployment Architecture 03-13-2019 0 1	0	1
How to pull out blocked connections from illumio within our Unix/Linux environment? If I log into the Linux system in question and go to the log area /var/log/illumio-pce/agent_traffic.log type grep bl... by jshekell Explorer in Deployment Architecture 03-13-2019 0 5	0	5
Running the same search, why are different results showing up? If I run the same search using the same time window I get sometimes different results. I have added \| eval bkt=_bkt... by szymonledzinski New Member in Deployment Architecture 03-13-2019 0 1	0	1
Cluster search head down (crashes) splunk 7.1.0 good morning Our SH cluster is going back several times and we do not know the cause. someone could give me some ... by aecruzp Path Finder in Deployment Architecture 03-12-2019 0 2	0	2
How to properly upgrade a multi-site indexer cluster A customer had been trying to upgrade our Test Splunk multisite environment from 6.3 to 6.5.1 but was unable to progr... by kgrigsby_splunk Splunk Employee in Deployment Architecture 03-12-2019 0 8	0	8
What is Splunk deployment server version compatibility with deployment client? Would Splunk deployment servers have compatibility issue with deployment clients that are on earlier version? by keio_splunk Splunk Employee in Deployment Architecture 03-12-2019 0 1	0	1
How can I increase the universal forwarder buffer size to insure logs are not lost when site becomes isolated? The network connectivity at one of my sites drops on occasions. So, I was reading best practice is to configure a sys... by nickcc Engager in Deployment Architecture 03-08-2019 0 1	0	1
Sending cooked but unparsed data from Heavy Forwarder Hi Splunkers, We are ingesting data using the Splunk TA for AWS, which is installed on a heavy forwarder. While this... by nicolas_perreau Explorer in Deployment Architecture 03-08-2019 0 4	0	4
Can you help me with an Issue building a Splunk cluster? I manage a couple of small Splunk clusters, and for the 1st time, I need to build one form scratch. I am testing in o... by a238574 Path Finder in Deployment Architecture 03-07-2019 0 4	0	4
Why are some of the Linux timestamps not parsing? I tried importing these on a different non production system, and some new information came to light. This post has n... by oliverj Communicator in Deployment Architecture 03-07-2019 1 11	1	11
Search head - Search peer communication direction in distributed enviroment Hi all, I have a simple question: In a distributed environment (without SH cluster), what happens when I do a distri... by tdubicz Engager in Deployment Architecture 03-07-2019 0 2	0	2
Splunk alert for server downtime , if downtime exceeds more than 15 minutes I have list of windows server in the inputlookup, if server downtime exceeds more than 15 minutes for any of the serv... by saravanafd Explorer in Deployment Architecture 03-06-2019 0 3	0	3