Deployment Architecture

Discussions

Thread Info

When I restore a frozen bucket, can I select which index it will be restored to?

I've read this article which tells me how to restore a frozen bucket. http://docs.splunk.com/Documentation/Splunk/6.5...

by New Member in

Install app/add-on in a clustered Search head?

Hi All, I did go through the docs and installed the Kafka add-on via the Deployer in a Search head cluster. I copi...

by Communicator in

Currently audit_db, access_summarydb are consuming space in PCI Search Head. How do I find the indexes.conf file and its configurations?

Hi All, Currently we have noticed under this path /opt/splunk/var/lib/splunk/ audit_db & access_summarydb has occupie...

by Motivator in

How to verify whether configuration files are pushed correctly from the deployment server?

Hi there, Can i please know how to check whether the configuration file is pushed correctly from the deployment se...

by Path Finder in

I want to increase base_max_searches in limits.conf, but what is MAX recommended value for this setting?

I have 4 indexers and 3 search heads and I currently have a */local/limits.conf file as below for my SH settings: ...

by New Member in

Is it possible limit user access to an index on a Search Head level?

Use case: A customer runs his personal Search Head but we only want to give him access to certain indexes Since we...

by Communicator in

Using different Splunk Version for Search Head Cluster as for the Indexer Cluster

Hi ninjas I wonder wheter if it is supported having different splunk versions of the indexer cluster and the search h...

by Path Finder in

Splunk Web does not restart with bucket restore

Hello, When restoring buckets to thawedb, Splunk Web does not want to restart. Here is the procedure: A Warm...

by Explorer in

Why is splunkd.log not getting indexed? Receiving error "The file 'E:\Splunk\var\log\splunk\splunkd.log' is invalid. Reason: binary"

My splunkd.log is being flooded with the following messages over and over - 01-04-2017 01:05:31.133 -0600 WARN Fi...

by Contributor in

Help with a DevOps deployment: Why am I receiving results from all indexes except main ("waiting for data" message displayed)?

Hi All, Really need a Jedi to help me get my DevOps instance running again. I have a security appliance sending lo...

by Contributor in

How to set the “sensitivity” of indexer clustering to 0.95 or 1.0?

Hey guys, How can I change the default of 0.8 or 0.7 to 0.95 or 1.0 for sensitivity in the cluster. I need to ...

by Contributor in

How to upgrade a Splunk search head and indexer cluster from 6.3.2 to 6.5.1?

Hi We are doing upgrade from 6.3.2 to 6.5.1. We have a search head cluster and indexer cluster in our Splunk setu...

by Builder in

How to resolve Server Abort error - Nginx Reverse Proxy (load balancing)

I thought I'd mention that I came across an error and worked with Splunk Support to determine the cause. I had recent...

by Builder in

What happens to Splunk if the NFS mount attached to the search pool goes down (NAS scheduled maintenance)?

What happens to Splunk if the NFS mount attached to the search pool goes down (NAS scheduled maintenance)? Would Splu...

by Communicator in

Are there any dangers in changing the splunk user password on a deployment server?

I am trying to restart the deployment server service as a root user. ./splunk reload deploy-server I get an e...

by Explorer in

Is it possible to configure more than one management port on the deployment server?

Hello Splunkers, is it possible to configure the deployment server's inputs.conf with more than one management por...

by Path Finder in

How to restore frozen data when it looks my buckets have corrupted files?

Hi all. I'm running Splunk 6.3.2 in Linux machines. I have to restore some old data to Splunk. I've followed th...

by Communicator in

Can I use and deploy Splunk on the internal servers of our company?

Hello, Could you please tell me – can I deploy your product Splunk (used for gathering and analyzing logs) on the ...

by New Member in

My index size limit has been reached. Why is oldest indexed data not being deleted "in order"?

I have an index with a size limit of 80GB and based on the data we index this should be about 7-10 days of retention....

by Explorer in

Are there any definitive guidelines on whether using VMware snapshots is supported for Splunk indexer clusters?

env: Splunk 6.4.1 environment (all linux OS based): 3x index cluster peers 1x cluster master 1x deployer/license mast...

by Path Finder in

Deployment Architecture

Discussions

When I restore a frozen bucket, can I select which index it will be restored to?

Install app/add-on in a clustered Search head?

Currently audit_db, access_summarydb are consuming space in PCI Search Head. How do I find the indexes.conf file and its configurations?

How to verify whether configuration files are pushed correctly from the deployment server?

I want to increase base_max_searches in limits.conf, but what is MAX recommended value for this setting?

Is it possible limit user access to an index on a Search Head level?

Using different Splunk Version for Search Head Cluster as for the Indexer Cluster

Splunk Web does not restart with bucket restore

Why is splunkd.log not getting indexed? Receiving error "The file 'E:\Splunk\var\log\splunk\splunkd.log' is invalid. Reason: binary"

Help with a DevOps deployment: Why am I receiving results from all indexes except main ("waiting for data" message displayed)?

How to set the “sensitivity” of indexer clustering to 0.95 or 1.0?

How to upgrade a Splunk search head and indexer cluster from 6.3.2 to 6.5.1?

How to resolve Server Abort error - Nginx Reverse Proxy (load balancing)

What happens to Splunk if the NFS mount attached to the search pool goes down (NAS scheduled maintenance)?

Are there any dangers in changing the splunk user password on a deployment server?

Is it possible to configure more than one management port on the deployment server?

How to restore frozen data when it looks my buckets have corrupted files?

Can I use and deploy Splunk on the internal servers of our company?

My index size limit has been reached. Why is oldest indexed data not being deleted "in order"?

Are there any definitive guidelines on whether using VMware snapshots is supported for Splunk indexer clusters?

Restart order/procedure after updating server.conf...

Precedence of log retention configuration

bundle files

How do I move 5 indexers (cluster 2) to our larger...

How to Setup Build jobs in Jenkins.