Deployment Architecture

Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
ctaf

How can I set up the "Log Event" alert action in a distributed environment?

Hello, I am trying to use the new alert action "Log event" in a distributed environment (Search Head 6.4.0 & Indexer...
by ctaf Contributor in Deployment Architecture 04-04-2019
0 8
0
8
Harjit456

Splunk Cloud trial to connect to Salesforce API to retrieve the salesforce log

Hi, I'm using a trial of splunk cloud. I'm trying to figure out which IP and ports to allow on our firewall for our S...
by Harjit456 New Member in Deployment Architecture 04-04-2019
0 0
0
0
sylim_splunk

Why am I having an uneven data balancing issue with AutoLBVolume?

It appears we have a data load balancing issue that affects the search performance on the indexers. Some indexers fin...
by sylim_splunk Splunk Employee Splunk Employee in Deployment Architecture 04-03-2019
0 1
0
1
vicky05ssr

skipping indexing of internal audit events

I have 3 Indexers in a cluster and recently I changed the indexing path from defalut to different mount point. Initia...
by vicky05ssr Explorer in Deployment Architecture 04-03-2019
0 1
0
1
bogdan_nicolesc

Indexed IPv6 address from application

Hi all, I have an issue with data collected. I set up Splunk to index "Splunk network monitoring" and I get data in...
by bogdan_nicolesc Communicator in Deployment Architecture 04-02-2019
0 0
0
0
thomasantoniusc

How does the search head deployer know where the search heads are?

I have a Splunk search head cluster set up with a search head deployer. The search heads (SH) all know where the de...
by thomasantoniusc New Member in Deployment Architecture 04-02-2019
0 1
0
1
Sukisen1981

dynamic token values in dashboard to re-run search query

Hi, I am using the splunk delivered cluster command , code is something like this : <some event rows> |cluster showco...
by Sukisen1981 Champion in Deployment Architecture 04-02-2019
0 0
0
0
burwell

Best practices for deployment server: make sure app exists

I have a case with a deployment server where I renamed an app but didn't update the serverclass.conf. What happened ...
by SplunkTrust SplunkTrust in Deployment Architecture 04-01-2019
0 4
0
4
kamalbeg

Why is my Splunk deployment server failing with the following message: "Name may not be empty or all-whitespace"

I see the following error message in my log file for a Splunk deployment server 03-29-2019 17:15:44.710 -0400 ERROR ...
by kamalbeg Explorer in Deployment Architecture 04-01-2019
0 1
0
1
pkumar9610

Can "maxTotalDataSizeMB" & "frozenTimePeriodInSecs" be combined for Index config ?

HI Friends, I am using below config for creating Indexes in both my QA & Production Cluster. At this point, I am on...
by pkumar9610 Explorer in Deployment Architecture 04-01-2019
0 6
0
6
superhm

How do you make sure that a specific index of the indexers can be searched from the search head?

Hello. In the distributed search function, I want to make sure that specific index of the indexers can be searched f...
by superhm Explorer in Deployment Architecture 03-31-2019
0 2
0
2
joesrepsolc

Why can't I get the deployer to push apps to search head cluster members after a new Splunk installation?

Having this same issue now on a brand new Splunk setup (7.2.2). Search head cluster is (3), and (1) deployer. I got e...
by joesrepsolc Communicator in Deployment Architecture 03-29-2019
0 5
0
5
swmishra_splunk

Data getting duplicated due to the error:WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file

I have a source logfile /var/splunk/log/user.log.I am sending the data from UF--->HF-->Indexer. And I am seeing the d...
by swmishra_splunk Splunk Employee Splunk Employee in Deployment Architecture 03-28-2019
0 0
0
0
jeff

what is a hot_quar_v1_ directory, vs standard hot_v1_?

According to documentation, and generally speaking in action, hot buckets are named hot_v1_<id> ... but I am no...
by jeff Contributor in Deployment Architecture 03-28-2019
3 6
3
6
yutaka1005

I can't get fully results in distributed search.

When I have searched in search head, following message was displayed. error: Some events cannot be displayed because...
by yutaka1005 Builder in Deployment Architecture 03-28-2019
0 2
0
2
nayuki

Search Head Cluster Node fall in a restarting loop

I deploy a Splunk Index Cluster, like following 10.6.113.25 (peer node)10.6.113.26 (master node)10.6.113.27 (peer no...
by nayuki New Member in Deployment Architecture 03-27-2019
0 2
0
2
splunkmajeure

Splunk logs filling drive

We have Splunk logs for Win 8.1 PCs that generate an excessive number of ~130MB log dumps in some cases. \[client]\c$...
by splunkmajeure New Member in Deployment Architecture 03-27-2019
0 0
0
0
rbal_splunk

How to add a new Search Head Cluster member to an existing SHC group if we have lost the secret key?

I have a 7 Node Search Head Cluster pool that was set up using a secret key. Unfortunately we lost secret and now we ...
by rbal_splunk Splunk Employee Splunk Employee in Deployment Architecture 03-27-2019
0 2
0
2
damucka

'anomalydetection' command: limit for values of field '_raw' reached.

Hello, I am trying to deploy the anomalydetection command and get the following warning: 'anomalydetection' command...
by damucka Builder in Deployment Architecture 03-27-2019
0 0
0
0
digisplunker

enabling search head on a single index in a index cluster

I am in a situation where we have a PROD and DR index cluster in seperate data centers. our prod index cluster has mo...
by digisplunker New Member in Deployment Architecture 03-26-2019
0 1
0
1
tomasmoser

Interconnect two deployment servers managed by two different departments

Hi Experts, due to politics I have a huge Deployment server problem. Please help me out. What is the viable and feas...
by tomasmoser Contributor in Deployment Architecture 03-26-2019
0 3
0
3
sonicZ

enabling search head on a single clustered indexer

I am in a situation where we have a PROD and DR index cluster in seperate data centers. Recently our prod index clus...
by sonicZ Contributor in Deployment Architecture 03-26-2019
0 2
0
2
jiaqya

Can you help me with my upgrade plans for 6.5.2?

Hi, I just need a suggestion on upgrade path. i have 6.5.2 version installed on SH/Indexer and Forwarders. How to...
by jiaqya Builder in Deployment Architecture 03-26-2019
0 5
0
5
robertlynch2020

Splunk is causing (Resource temporarily unavailable) on the systems i am monitoring

Splunk is causing the following error on the application we are running - (Resource temporarily unavailable) I have ...
by robertlynch2020 Influencer in Deployment Architecture 03-26-2019
0 6
0
6
huajieyang

Missing data in splunk while restart

I have a splunk forwarder monitoring a folder and forward it to splunk server. However during reboot of splunk server...
by huajieyang New Member in Deployment Architecture 03-25-2019
0 1
0
1
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All