Deployment Architecture

Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
brianhunter99

Splunk Universal Forwarder command line install results in no windows event logs but manual GUI installation does?

It's not the current version, but due to multiple reasons in my environment we are still running Splunk Enterprise r6...
by brianhunter99 New Member in Deployment Architecture 11-01-2018
0 0
0
0
stcrispan

Is there an order of precedence in the serverclass.conf?

In serverclass.conf... I'm creating different classes, for deployment. I've inherited this setup, and the previous ...
by stcrispan Communicator in Deployment Architecture 11-01-2018
2 5
2
5
coreyf311

Deployer overwritting app configuration

I created a barebones app on the deployer, copied it to shcluster/apps directory and pushed it to the 6 nodes of our ...
by coreyf311 Path Finder in Deployment Architecture 11-01-2018
0 5
0
5
daniel333

Help bucketing time with mcollect?

all, I am running this search to collect exceptions by host. I am bucketing into 1min intervals. However when I go ...
by daniel333 Builder in Deployment Architecture 10-31-2018
0 0
0
0
davietch

How can I limit the number of DNS requests done by the dnslookup lookup?

Hi, I want to limit the number of IP resolved by the "| lookup dnslookup" command. Is there a way to do it? EDIT: ...
by davietch Path Finder in Deployment Architecture 10-31-2018
0 6
0
6
EmEdwards

How do you create a new empty app in a clustered environment?

I know how to create an app from the GUI of Splunk. But, on a clustered environment, I believe this needs to be creat...
by EmEdwards Path Finder in Deployment Architecture 10-31-2018
1 2
1
2
koshyk

Orphaned Searches: how do you disable the orphan notifications on search head members?

hi, We have quite a large amount of users and hence leavers/movers are common. We are aware of how to fix the orphan...
by koshyk Super Champion in Deployment Architecture 10-31-2018
0 2
0
2
thomas_porter

Can A Single Master Cluster Node support multiple clusters?

Let's say I have two groups of two indexers, each group in its own cluster. Can I use a single master cluster node t...
by thomas_porter Explorer in Deployment Architecture 10-31-2018
0 4
0
4
moradato

How to add custom filed to input.config,Hoe to add custom field to input.config

Hello I have 3 servers (one for each env) , each of the server forward data to the same index. I want to create a se...
by moradato Engager in Deployment Architecture 10-31-2018
0 1
0
1
FritzWittwer_ol

Merge Indexer Cluster and Search Head Cluster after a Split Brain

How can a search head and an indexer cluster be merged after the cluster has been run intentionally in a split brai...
by FritzWittwer_ol Contributor in Deployment Architecture 10-31-2018
0 1
0
1
utsav45

how to create bucket over a period of 3 days?

Hello Folks, We're trying to set up an alert for user contacting malware websites constantly. For eg user A attempts...
by utsav45 Explorer in Deployment Architecture 10-30-2018
0 4
0
4
dharveynswccd

How can I automate the data on-boarding process?

I have Splunk Universal Forwarder installed on RHEL. I have hundreds of stanzas manually written in $SPLUNKHOME/etc/a...
by dharveynswccd Path Finder in Deployment Architecture 10-30-2018
1 0
1
0
chris24747

Separate UF buffers for tcpout groups, is this possible?

Hi all, I have 2 tcpout groups on my servers sending data to 2 distinct sets of indexers. A number of servers recent...
by chris24747 Explorer in Deployment Architecture 10-30-2018
0 0
0
0
dubeysantosh

clustering.pyo file is created in Non-Cluster environment

Issue description: I did not change setting in Splunk, but the following files were generated. /opt/splunk/lib/pytho...
by dubeysantosh Explorer in Deployment Architecture 10-30-2018
0 1
0
1
sdubey_splunk

SHC bundle push is not working local folder does not get updated

Using the Deployer to deploy Apps to my Search Heads in a SHC setup. I had been trying to push out a new App, Phantom...
by sdubey_splunk Splunk Employee Splunk Employee in Deployment Architecture 10-30-2018
0 1
0
1
daniel_splunk

Cluster Master have SF/RF not meet due to a lot of bucket got status 'bucket hasn't rolled yet'

This message may go away if waiting for longer time. However, I don't want to wait and any command to roll all the bu...
by daniel_splunk Splunk Employee Splunk Employee in Deployment Architecture 10-29-2018
0 4
0
4
athorat

Issues with data rebalance from cluster master

When I use the Data rebalance option from the Cluster master, it shows that it is complete within 10-20 mins Do not ...
by athorat Communicator in Deployment Architecture 10-27-2018
0 5
0
5
lmilcent

Send log in another index based on a tag

Hello, I am using docker and I send all containers logs using logspout into a TCP input on Splunk. Before trying to ...
by lmilcent New Member in Deployment Architecture 10-26-2018
0 0
0
0
daniel333

How does the frozen bucket work exactly?

All, So I have frozenTimePeriodInSecs=10368000 in my indexes.conf. That is 120 days old. Yet i have data going back...
by daniel333 Builder in Deployment Architecture 10-25-2018
0 3
0
3
anilsharmahk

How do I access the control panel on admin role on a Splunk search head cluster?

hi if any one can help — i lost access to the control panel on admin role on a Splunk search head cluster. I check...
by anilsharmahk New Member in Deployment Architecture 10-25-2018
0 5
0
5
mallempatisreed

Can the disk size be different on the servers in the same Indexer cluster?

hi All, We have indexer cluster with 6 servers and out of these 4 servers has more than 90% space utilization. Due t...
by mallempatisreed Explorer in Deployment Architecture 10-25-2018
0 1
0
1
jacobappleton

Values for cluster_status when running splunk show cluster-bundle-status

I'm trying to automate some of our Splunk processes, and I need to know what the possible set of values are that can ...
by jacobappleton Explorer in Deployment Architecture 10-25-2018
0 1
0
1
MikaJustasACN

Multiple same TA on a single universal forwarder

Hi All, I have a question on how this should be approached. Stage: There are multiple A type servers where wmi.conf...
by MikaJustasACN Path Finder in Deployment Architecture 10-25-2018
0 2
0
2
atyshke1

I need ZIP packed of splunk universal forward agent 7.2.0

Hello! Could you help me to find zip package of UF 7.2.0??? Where Can I download it?
by atyshke1 Path Finder in Deployment Architecture 10-24-2018
0 6
0
6
gcato

Structured data header extraction - WARN CsvLineBreaker - Parser warning: Encountered unescaped quotation mark in field

I Recently came across an issue where the following warning message was spamming my forwarder's splunkd.log for a str...
by gcato Contributor in Deployment Architecture 10-24-2018
0 1
0
1
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...
Top Solution Authors
View All