Deployment Architecture

Discussions

Thread Info

Can I move the cold buckets to a separate disk?

Hi, I was thinking about moving the cold buckets to a separate disk. I found some questions and docs about it b...

by Influencer in

Best practices: Can a su command be used to log in to Splunk instead of the username and password?

We have a Splunk service account but we're only supposed to be able to su Splunk. It's not supposed to allow actual s...

by Explorer in

Change splunk.secret

It is not official supported, but we have to try to change secret.conf on a few thousand universal forwarders. A comp...

by Contributor in

What servers does Splunk use?

I deployed Splunk in an AWS environment and want to know what servers Splunk uses? like webserver, application server

by Explorer in

how to move indexer peer from one cluster to another cluster?

Hello All i have 2 multisite clusters in two different regions. region one has 4 indexers with replication fac...

by Path Finder in

Why does my search head only sometimes see a peer?

I have an index cluster where one peer is down (as in we're talking to Cisco). When I run a Splunk list search-server...

by Engager in

Why would an index have several hot buckets open at the same time?

In reviewing the Splunk documentation on how indexers tore indexes I see that is says "An index can have several hot ...

by Path Finder in

Unable to push customized app from deployment server to some of the remote Windows machines.

Hi All, I am currently facing an issue with some of the remote host machine not getting a customized app. Yesterday I...

by Motivator in

What will happen if the replication factor is changed?

Say if initially the replication factor was 2 and later I change it to 3. Will the old data also be replicated with r...

by New Member in

Help finding all users on my system

I have splunk enterprise running on a linux box and I also have splunk universal forwarder running on a second linux ...

by Explorer in

unable to search static captain during search head clustering. - RESOLVED

We have followed the link to create a search head cluster. https://na01.safelinks.protection.outlook.com/?url=https%3...

by Path Finder in

Bug or expected behaviour: frozenTimePeriodInSecs reached and bucket frozen before being replicated succesfully to other peers

I hope someone can shed some light on the freezing of buckets before a bucket could be replicated due to streaming er...

by Engager in

Is there a way to ensure a report is run on a specific search head cluster member?

All, Is there a way to get a report to run on a specific member of a search head cluster? Mainly I want to know f...

by Builder in

Will CSV files produced by the outputcsv command be replicated by the search head cluster?

Hi all, I currently have 1 search head running all my scheduled searches. Some of these searches use the outputcsv...

by Path Finder in

Search head cluster is breaking when mgmt_uri has a question mark. How do I get the correct mgmt_uri?

We lost one node out of a three node search head cluster. We went to static captaincy. Sometime along the line, it...

by Contributor in

Why am I getting "ConfReplicationThread - Error pulling configurations from captain" in my search head cluster?

Hi guys, I have an issue with my Search Head cluster, the replication seems to not be working: 192.128.192.131 ...

by Path Finder in

Is there something wrong with my server roles?

We have 6 Splunk servers. 2 are indexers, 1 is license server, 1 deployment server, 1 ADHOC search head & 1 ES server...

by Communicator in

Splunk multisite indexer clustering: How can I minimize traffic b/t sites and maximize search performance?

I would like to build a Splunk multisite indexer cluster. However, I am concerned by the amount of network traffic ge...

by New Member in

How to index exported .evt and .evtx files?

I tried the following: settings -> Add Data -> Upload Data -> choose xxx.evt as my source and I'm lost at "Set Sou...

by Path Finder in

Search Peer Remote Account

Hi, I installed Splunk on two servers using the Debian installer package which creates an account called "splunk"...

by Path Finder in

Do I need to have autoLB on the search head?

I am getting the message Forwarding to indexer group default-autolb-group blocked for 100 seconds I am runn...

by Contributor in

How can I run a local search on my deployment server and make the results accessible for search?

Hello, I have a query that needs to run locally on the deployment server, but I want the results accessible on my ...

by Path Finder in

"Got Done key for an unknown bucket without getting any data"

I have a MultiSite indexing cluster, and a single Peer int site 2 is repeatedly reporting: ERROR TcpInputProc - ev...

by Ultra Champion in

Does a replication factor of three make sense?

Our eight indexers are under enormous stress and I wonder whether the replication factor of three makes any sense. Si...

by Ultra Champion in

How do I add a new node to a multisite indexer cluster?

Hello All i'm trying to find the way to to add new member to indexer cluster. do i need to follow same step that i...

by Path Finder in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Can I move the cold buckets to a separate disk?

Best practices: Can a su command be used to log in to Splunk instead of the username and password?

Change splunk.secret

What servers does Splunk use?

how to move indexer peer from one cluster to another cluster?

Why does my search head only sometimes see a peer?

Why would an index have several hot buckets open at the same time?

Unable to push customized app from deployment server to some of the remote Windows machines.

What will happen if the replication factor is changed?

Help finding all users on my system

unable to search static captain during search head clustering. - RESOLVED

Bug or expected behaviour: frozenTimePeriodInSecs reached and bucket frozen before being replicated succesfully to other peers

Is there a way to ensure a report is run on a specific search head cluster member?

Will CSV files produced by the outputcsv command be replicated by the search head cluster?

Search head cluster is breaking when mgmt_uri has a question mark. How do I get the correct mgmt_uri?

Why am I getting "ConfReplicationThread - Error pulling configurations from captain" in my search head cluster?

Is there something wrong with my server roles?

Splunk multisite indexer clustering: How can I minimize traffic b/t sites and maximize search performance?

How to index exported .evt and .evtx files?

Search Peer Remote Account

Do I need to have autoLB on the search head?

How can I run a local search on my deployment server and make the results accessible for search?

"Got Done key for an unknown bucket without getting any data"

Does a replication factor of three make sense?

How do I add a new node to a multisite indexer cluster?

Monitoring MariaDB and MySQL

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Federated Analytics for Amazon Security Lake

How to install Splunk UF to AIX ?

Splunk Intermediate Forwarder Setup

CMMC Version 2.0

Stream forwarder only works when running as root

Search Cluster Overwriting etc/system/local/inputs...