Deployment Architecture

Start a Conversation

Discussions

Start a Conversation

Thread Info

High CPU Utilization: monitoring of perfmon logs, Windows Server 2008

Good Day, Would like to post a question, is it normal that CPU Utilization of Splunk Universal Forwarder is higher...

by Communicator in

How can I fine tune the splunk queries which are very slow and return huge amount of data which finally causes the search head to be very slow?

Hi, We have some queries which are very slow and return a huge amount of data which finally causes the search head...

by Contributor in

Index created on indexer not reflecting on search head or neither on deployment server?

Hi, deployed a medium solution with 1 search head , 1 indexer and 1 (Deployment server(DS) + License master). - Deplo...

by New Member in

Why is my Cluster Master stuck in Maintenance Mode?

I pushed the cluster bundle from Cluster Master to Cluster Peer, we have 80 cluster peer's. Now cluster master is stu...

by Splunk Employee in

Javascript/CSS files fail to load on search head?

I deployed an app to my search head cluster. In one of the search heads, the custom javascript/css files for a dashbo...

by Communicator in

Can I deploy Splunk Enterprise Security if I have a lot of remote sites with duplicated IP address

My company have a lot of remote sites, each site has so many IP subnets are duplicated I would like to ask if Splunk ...

by New Member in

Why am able to see events even after deleting them from GUI?

Hi All, We have a multisite clustered environment with 24 indexers and 8 search heads and all servers are running ...

by Path Finder in

If u have separate instance in prod and training how you will combine the search results from both?

by Path Finder in

Can someone please provide me a way to setup three deployment servers?

can someone please provide me a way to set up three deployment servers? I want the first one to send to two deploymen...

by Explorer in

Question ) How does Cluster Master decide Primary searchable copy ?

As you may know in Non-multi-site Cluster there is only one set of “primary” searchable buckets that respond to searc...

by Splunk Employee in

Why is the server.conf when trying to secure 8089 port, is broken from connecting to the Deployment server?

Configured web.conf and server.conf in order to secure port 8089, which was successful but upon checking the connecti...

by Loves-to-Learn in

search a bucket without aggregating results

I want to be able to search for all results where Percent_CPU_Load is greater than 95. However, when I do search CPUb...

by Path Finder in

scaling HEC on heavy forwarders

currently I am using single heavy forwarders as my HEC and the token generated from one heavy forwarders, however to ...

by Communicator in

Can I configure a Splunk Forwarder to forward all log data before shutting down?

If I am about to shutdown my system, how can I make sure that the Splunk Forwarder has forwarded all log data off of ...

by New Member in

Where is actually SPLUNK_DB located?

Hi, Whenever i create a new index in my licensed standalone version it automatically taking the home path,cold pat...

by Builder in

How to change hostname of a universal forwarder on VMs(XenDesktop Agent)

I am attempting to setup Splunk on a VM that will become a VM(XenDesktop) template. I create a new VM from the templa...

by Builder in

Is there a high availability capability for the indexer discovery feature?

Based on Use indexer discovery to connect forwarders to peer nodes and the original question at - How can the forw...

by Ultra Champion in

Why has my universal forwarder stopped sending logs to my indexer after version upgrade?

Hi Splunkers, My indexers are running Splunk Enterprise v6.5.3. I recently upgraded a "test" Universal Forwarder i...

by Path Finder in

Splunk buckets restoration from amazon s3 bucket on indexer cluster with auto balancing.

Hi Splunkers, I have a clustered environment on AWS infrastructure with 2 indexers 1 master and 2 search heads. We...

by Motivator in

Indexes.conf

I'm trying to source what indexes.conf is being utilized for each index; for example, I have an index called Web. Wha...

by New Member in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

High CPU Utilization: monitoring of perfmon logs, Windows Server 2008

How can I fine tune the splunk queries which are very slow and return huge amount of data which finally causes the search head to be very slow?

Index created on indexer not reflecting on search head or neither on deployment server?

Why is my Cluster Master stuck in Maintenance Mode?

Javascript/CSS files fail to load on search head?

Can I deploy Splunk Enterprise Security if I have a lot of remote sites with duplicated IP address

Why am able to see events even after deleting them from GUI?

If u have separate instance in prod and training how you will combine the search results from both?

Can someone please provide me a way to setup three deployment servers?

Question ) How does Cluster Master decide Primary searchable copy ?

Why is the server.conf when trying to secure 8089 port, is broken from connecting to the Deployment server?

search a bucket without aggregating results

scaling HEC on heavy forwarders

Can I configure a Splunk Forwarder to forward all log data before shutting down?

Where is actually SPLUNK_DB located?

How to change hostname of a universal forwarder on VMs(XenDesktop Agent)

Is there a high availability capability for the indexer discovery feature?

Why has my universal forwarder stopped sending logs to my indexer after version upgrade?

Splunk buckets restoration from amazon s3 bucket on indexer cluster with auto balancing.

Indexes.conf

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Admin Your Splunk Cloud, Your Way

SSH Weak Key Exchange Algorithms Enabled

"All Configurations" timeout issue while accessing...

Configuration Bundle Actions Last Validate and Che...

How to return old version of distsearch.conf file?

How can I enable DDL and DML logs to be sent from ...