Deployment Architecture

Discussions

Thread Info

Indexer cluster autoscaling, how to configure universal forwarders with the new indexer endpoints.

We are using a splunk indexer cluster in AWS using autoscaling to increase the cluster size. Universal forwarders are...

by Explorer in

If a peer goes down in an indexer cluster, how does new indexed data get replicated, and what happens when the peer comes back up later?

Little confused in Indexer Clustering. I have 3 peers with One master and One Search Head. Replication Factor is 3 an...

by Communicator in

Can bucket rotation be turned off?

I would like to keep "All" data in a single bucket. There is a potential performance impact when Splunk rotates data ...

by New Member in

Can I upgrade a search head cluster by a rolling upgrade?

Hello Community, I want to upgrade an indexer cluster and a search head cluster from 6.3.3 to 6.3.4. From Splunk d...

by Explorer in

Is it possible to access the Splunk CLI locally without credentials, or limit credentials just to the local host?

I have a script which runs on the deployment server and maintains the contents of ../deployment-apps/... out of a git...

by Contributor in

Are there any issues with setting up the Distributed Management Console in distributed mode on a test or demo search head?

We have a testing or demo environment configured as distributed search that contains one search head, multiple indexe...

by New Member in

If I am using a custom index, do we need to create this index on each and every peer in an indexer cluster?

Hello, I am new to Splunk. I am trying to deploy an indexer cluster (single-site) as the diagram in the docs s...

by Path Finder in

How to merge two apps in deployment server

I am looking for some help in managing apps using the deployment server. Here is the case. I have two different apps,...

by New Member in

Can I install both cluster master and SHC(Search Head Cluster)-deployer on the same machine/server?

I have deployment server to push apps to forwarders, cluster master to push apps to indexers and SHC deployer to push...

by Influencer in

Is there a way to detect in Splunk if a server was removed or deleted?

Is there a way to detect in Splunk if a server was removed or deleted from the network?

by New Member in

Deployment Server Behind HTTPS Proxy

Instead of having a deployment-server chain, I would like to provide access for some deployment clients through a htt...

by SplunkTrust in

Indexer Cluster - Cluster peer is downloading cluster bundle relatively

User case:  Cluster Masters with 30 Cluster Peers.  Pushed the Cluster Bundle  Most of the Cluster Peer Downloa...

by Communicator in

Can I have an indexer cluster on a single logical site, but the actual search peers in different physical network locations?

Hello Splunkers, We are migrating our Splunk deployment from a single Splunk indexer to an indexer cluster archite...

by Communicator in

How to distribute Distributed Search configuration using a deployer for a Search Head Cluster?

Hi, We recently set up a SH Cluster which includes 3 members and one deployer. Basic replication seems to be worki...

by Contributor in

Is there any practical/inexpensive way to do long time data storage in Splunk Cloud?

Hi, I've looked around in the documentation for how to set an archiving policy in Splunk Cloud, but I haven't foun...

by Builder in

Unable to bootstrap search head cluster captain

Environment: Windows Server 2012 Splunk Ent 6.3 3 Search Heads (all brand new instances) 1 Instan...

by Path Finder in

[SHC] Troubleshooting Configurations under Search Head Clustering

It will be nice to have high level documentation on Troubleshooting Configurations under Search Head Clustering

by Splunk Employee in

Can I run two Splunk instances on one physical server with one instance in a Search Head Cluster and the other in an Indexer Cluster?

I am developing a Disaster Recover solution for my Splunk environment and only have four physical servers (all 32 CPU...

by Explorer in

Why does my Search Head Cluster Captain start delegating scheduled jobs more to one cluster node over time, and how do I prevent this?

EDIT: This is still an issue in Splunk 6.4 I'm noticing that over time, my SHC captain starts favoring one cluster...

by Motivator in

multiple deployment servers - checksum mismatch among instances of apps

we have 3 deployment servers (DS1,DS2,DS3) in our splunk instance. DS2 and DS3 are deployment clients of the deployme...

by Builder in

Deployment Architecture

Discussions

Indexer cluster autoscaling, how to configure universal forwarders with the new indexer endpoints.

If a peer goes down in an indexer cluster, how does new indexed data get replicated, and what happens when the peer comes back up later?

Can bucket rotation be turned off?

Can I upgrade a search head cluster by a rolling upgrade?

Is it possible to access the Splunk CLI locally without credentials, or limit credentials just to the local host?

Are there any issues with setting up the Distributed Management Console in distributed mode on a test or demo search head?

If I am using a custom index, do we need to create this index on each and every peer in an indexer cluster?

How to merge two apps in deployment server

Can I install both cluster master and SHC(Search Head Cluster)-deployer on the same machine/server?

Is there a way to detect in Splunk if a server was removed or deleted?

Deployment Server Behind HTTPS Proxy

Indexer Cluster - Cluster peer is downloading cluster bundle relatively

Can I have an indexer cluster on a single logical site, but the actual search peers in different physical network locations?

How to distribute Distributed Search configuration using a deployer for a Search Head Cluster?

Is there any practical/inexpensive way to do long time data storage in Splunk Cloud?

Unable to bootstrap search head cluster captain

[SHC] Troubleshooting Configurations under Search Head Clustering

Can I run two Splunk instances on one physical server with one instance in a Search Head Cluster and the other in an Indexer Cluster?

Why does my Search Head Cluster Captain start delegating scheduled jobs more to one cluster node over time, and how do I prevent this?

multiple deployment servers - checksum mismatch among instances of apps

Splunk 8.x & Netapp

Smartstore swift configuration not working

Docker Start Breaks Cluster

SmartStore configuration

Splunk add-on for windows infrastructure