Deployment Architecture

Discussions

Thread Info

Indexer Discovery on Heavy Forwarder

Is it possible to enable indexerDiscovery on a Heavy Forwarder? I followed instructions here (http://docs.splunk.com/...

by New Member in

deployment-server socket timeout

Hi version 6.11 , added over 90 hosts in the Forwarder Management in server class. getting error on the splunk web gu...

by Explorer in

Can you forward specific indexed data from one server to another?

Hello, Here is my scenario server: Splunk_A has index_a index_b and index_c Splunk_B has Index_d index_e and inde...

by Path Finder in

Why is the new index not searchable?

Hi everyone, I'm new to Splunk and this is the first Index I created, so hopefully this Question ain't to nooby  ...

by New Member in

How to run scripts in Search Head Cluster on an alive node?

Hi all, We have some scripts for lookup filling via splunk lookup rest api link text Also we have search head clus...

by Path Finder in

Replication Factor with N+1 indexer

Hello, I would like to know what was the workflow of the current situation. We have setup the replication facto...

by New Member in

Changing sslPassword in server.conf

I'm trying to setup an index and searchhead cluster and want to use SSL, however, when I modify the sslPassword to us...

by New Member in

OSSEC server not seeing/reporting file changes in Splunk

I've configured the agent on my machine to monitor file changes for a specific folder and validated that Splunk's OSS...

by Path Finder in

Why in a 4 site Search Head Cluster captain is getting elected automatically?

Hi Forum, I'm integrating a streched SHC running in 4 sites. Each site have 1 SHC Member. When booting the SHC up ...

by Builder in

failed_because_BUNDLE_DATA_TRANSMIT_FAILURE

Dear Team, We have a cluster step up where 3 search head(cluster) , 3 indexer(cluster),1 index master,1 deployer, ...

by Engager in

Why am I unable to update splunk cloud universal forwarder settings on Linux?

I ran into a problem while putting together an Ansible playbook for deploying forwarder config. The initial deploymen...

by Engager in

Splunk 6.3.0 crashes on clustered indexers when some indexes are set to read-only

I deprecated certain indexes on my indexer cluster and wanted to set them to read-only (using isReadOnly = true) to a...

by Path Finder in

How to migrate an index from a single instance to a clustered index?

hello everyone I have a fortinet index that I would like to migrate to a 2 instance cluster ( one is having the da...

by Communicator in

Index Cluster - Search Factro and Replication Factor NOt Met - Error “Cannot replicate as bucket hasn’t rolled yet.”

I have Index cluster with 3 Nodes and intermittently I see that ‘Search Factor” and “Replication Factor” not met. Whe...

by Communicator in

Why all indexes are not available to select from "Available search indexes" during role creation?

Splunk License : EnterpriseSplunk version : 6.4.0Deployment Model : Search head cluster, indexer cluster We are no...

by SplunkTrust in

Cannot connect new splunk indexer to license master, getting error:Splunkd daemon is not responding: ('The read operation timed out',)

I created two new splunk instances that I am trying to set as slaves to a license master. I add the https;//x.x.x....

by Builder in

Search had Cluster Error regarding outdated baseline op id

I am getting this below error in my search head ERROR ConfReplicationThread - Error pushing configurations to capt...

by Builder in

What are the steps to remove data from an indexer cluster?

Hi, I am new to Splunk, could you please help? I have a Splunk cluster - 1 Master(also the license master), 3 n...

by Path Finder in

Is there a way to periodically restart Splunk?

I need to restart splunk (or reload_ds) every Monday at 7:00AM, as new alerts and dashboards are being made in the fi...

by Path Finder in

what happens to "|delete"d events when a bucket is thawed?

I have buckets with hidden (deleted) events that are frozen. I want to thaw these buckets. Will I need to re-delete t...

by Explorer in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Indexer Discovery on Heavy Forwarder

deployment-server socket timeout

Can you forward specific indexed data from one server to another?

Why is the new index not searchable?

How to run scripts in Search Head Cluster on an alive node?

Replication Factor with N+1 indexer

Changing sslPassword in server.conf

OSSEC server not seeing/reporting file changes in Splunk

Why in a 4 site Search Head Cluster captain is getting elected automatically?

failed_because_BUNDLE_DATA_TRANSMIT_FAILURE

Why am I unable to update splunk cloud universal forwarder settings on Linux?

Splunk 6.3.0 crashes on clustered indexers when some indexes are set to read-only

How to migrate an index from a single instance to a clustered index?

Index Cluster - Search Factro and Replication Factor NOt Met - Error “Cannot replicate as bucket hasn’t rolled yet.”

Why all indexes are not available to select from "Available search indexes" during role creation?

Cannot connect new splunk indexer to license master, getting error:Splunkd daemon is not responding: ('The read operation timed out',)

Search had Cluster Error regarding outdated baseline op id

What are the steps to remove data from an indexer cluster?

Is there a way to periodically restart Splunk?

what happens to "|delete"d events when a bucket is thawed?

Introducing Ingest Actions: Filter, Mask, Route, Repeat

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Visio stencils

Can I disable replication bundle to indexers?

How to get logs ec2 "tag_id" form aws?

_metrics index does not show up on out DMC Index D...

If I renew the certificate on a Splunk proxy serve...