Deployment Architecture

Community Activity

Can you help me with my routing and filtering question? I have a requirement to send certain filtered log events on to a 3rd party in addition to indexing the events locally... by central1 Explorer in Deployment Architecture 11-04-2018 0 4	0	4
How do I configure Splunk_TA_Stream to not check in so often? All, I placed Splunk_TA_stream on a bunch of boxes and now the search head it's hitting is getting murdered perform... by daniel333 Builder in Deployment Architecture 11-02-2018 0 1	0	1
Is there a way to modify Access-Control-Allow-Headers for a CORS response? (and how to get these questions actually posted?) We have a client that requires at least some of the following for Access-Control-Allow-Headers: Access-Control-All... by Marcia_Piccione Engager in Deployment Architecture 11-02-2018 1 1	1	1
How to collect output from "rpm -qa --list" command into Splunk? Hello! Looking to do some patch monitoring on our *nix boxes and find the "rpm -qa --list" command extremely useful.... by joesrepsol Path Finder in Deployment Architecture 11-02-2018 0 2	0	2
SplunkDB input post processing I have a clob field that I don't want to index in full, is there a way to manipulate a splunkdb input before the cont... by drodman29 Path Finder in Deployment Architecture 11-02-2018 0 0	0	0
Why are we seeing vastly different wear out on particular indexers (same exact hard drive same exact install date)? We use 12 indexers in a cluster. They have the same exact hardware and install dates on all of them. However, there a... by briancronrath Contributor in Deployment Architecture 11-01-2018 0 2	0	2
Splunk Universal Forwarder command line install results in no windows event logs but manual GUI installation does? It's not the current version, but due to multiple reasons in my environment we are still running Splunk Enterprise r6... by brianhunter99 New Member in Deployment Architecture 11-01-2018 0 0	0	0
Is there an order of precedence in the serverclass.conf? In serverclass.conf... I'm creating different classes, for deployment. I've inherited this setup, and the previous ... by stcrispan Communicator in Deployment Architecture 11-01-2018 2 5	2	5
Deployer overwritting app configuration I created a barebones app on the deployer, copied it to shcluster/apps directory and pushed it to the 6 nodes of our ... by coreyf311 Path Finder in Deployment Architecture 11-01-2018 0 5	0	5
Help bucketing time with mcollect? all, I am running this search to collect exceptions by host. I am bucketing into 1min intervals. However when I go ... by daniel333 Builder in Deployment Architecture 10-31-2018 0 0	0	0
How can I limit the number of DNS requests done by the dnslookup lookup? Hi, I want to limit the number of IP resolved by the "\| lookup dnslookup" command. Is there a way to do it? EDIT: ... by davietch Path Finder in Deployment Architecture 10-31-2018 0 6	0	6
How do you create a new empty app in a clustered environment? I know how to create an app from the GUI of Splunk. But, on a clustered environment, I believe this needs to be creat... by EmEdwards Path Finder in Deployment Architecture 10-31-2018 1 2	1	2
Orphaned Searches: how do you disable the orphan notifications on search head members? hi, We have quite a large amount of users and hence leavers/movers are common. We are aware of how to fix the orphan... by koshyk Super Champion in Deployment Architecture 10-31-2018 0 2	0	2
Can A Single Master Cluster Node support multiple clusters? Let's say I have two groups of two indexers, each group in its own cluster. Can I use a single master cluster node t... by thomas_porter Explorer in Deployment Architecture 10-31-2018 0 4	0	4
How to add custom filed to input.config,Hoe to add custom field to input.config Hello I have 3 servers (one for each env) , each of the server forward data to the same index. I want to create a se... by moradato Engager in Deployment Architecture 10-31-2018 0 1	0	1
Merge Indexer Cluster and Search Head Cluster after a Split Brain How can a search head and an indexer cluster be merged after the cluster has been run intentionally in a split brai... by FritzWittwer_ol Contributor in Deployment Architecture 10-31-2018 0 1	0	1
how to create bucket over a period of 3 days? Hello Folks, We're trying to set up an alert for user contacting malware websites constantly. For eg user A attempts... by utsav45 Explorer in Deployment Architecture 10-30-2018 0 4	0	4
How can I automate the data on-boarding process? I have Splunk Universal Forwarder installed on RHEL. I have hundreds of stanzas manually written in $SPLUNKHOME/etc/a... by dharveynswccd Path Finder in Deployment Architecture 10-30-2018 1 0	1	0
Separate UF buffers for tcpout groups, is this possible? Hi all, I have 2 tcpout groups on my servers sending data to 2 distinct sets of indexers. A number of servers recent... by chris24747 Explorer in Deployment Architecture 10-30-2018 0 0	0	0
clustering.pyo file is created in Non-Cluster environment Issue description: I did not change setting in Splunk, but the following files were generated. /opt/splunk/lib/pytho... by dubeysantosh Explorer in Deployment Architecture 10-30-2018 0 1	0	1
SHC bundle push is not working local folder does not get updated Using the Deployer to deploy Apps to my Search Heads in a SHC setup. I had been trying to push out a new App, Phantom... by sdubey_splunk Splunk Employee in Deployment Architecture 10-30-2018 0 1	0	1
Cluster Master have SF/RF not meet due to a lot of bucket got status 'bucket hasn't rolled yet' This message may go away if waiting for longer time. However, I don't want to wait and any command to roll all the bu... by daniel_splunk Splunk Employee in Deployment Architecture 10-29-2018 0 4	0	4
Issues with data rebalance from cluster master When I use the Data rebalance option from the Cluster master, it shows that it is complete within 10-20 mins Do not ... by athorat Communicator in Deployment Architecture 10-27-2018 0 5	0	5
Send log in another index based on a tag Hello, I am using docker and I send all containers logs using logspout into a TCP input on Splunk. Before trying to ... by lmilcent New Member in Deployment Architecture 10-26-2018 0 0	0	0
How does the frozen bucket work exactly? All, So I have frozenTimePeriodInSecs=10368000 in my indexes.conf. That is 120 days old. Yet i have data going back... by daniel333 Builder in Deployment Architecture 10-25-2018 0 3	0	3