Deployment Architecture

Thread Info

Error applying with indexes.conf when adding maxWarmDBcount

So whilst modifying my index cluster configuration to be a little smarter with what data is maintained between hot/wa...

by Engager in

Can you verify my plans for a search head cluster configuration?

Hi All, I'm trying to create a sh cluster, here are the sequential things that I have. Please correct me. On th...

by Path Finder in

Restore procedure for warm buckets

Hello. The documentation is a bit unclear on how to restore warm buckets that has been backed up. The procedure is th...

by Explorer in

For multisite cluster indexer environment, Can site1 indexer on 6.5 work with site2 Indexers on 6.4?

I am planing a Splunk upgrade, master and search head cluster are on 7.0 but next step is to upgrade multisite Indexe...

by New Member in

Setting a max index size for frozen data?

I am running into a scenario where a high volume index is quickly rolling over from hot/warm to cold and then to froz...

by Engager in

reload deploy-server causing splunk restart

Hi, We have a distributed Splunk system installed and use deployment server to manage configurations. We have a py...

by Communicator in

Changing local.meta to maintenance user or deleting local.meta lines?

I am removing a large group of users that own things in my Splunk and I am wondering if there is a best approach to c...

by Path Finder in

Load balancer based HA for cluster master

Hi, We are currently running our splunk deployment with a multi-site indexer cluster with search head clustering ....

by Communicator in

bins command returns too few bins

Hi I have a long list of measurements called standardised with values between 0.0 and 1.0 I was to display the distri...

by New Member in

Restructuring Splunk data index best practices?

I inherited a rather messy Splunk deployment and within the next 2-6 months will be starting a project to reorganize ...

by Path Finder in

forwarder data transfer not working

I have set up an indexer and a forwwarder On forwarder, the logs are - 12-20-2013 09:36:24.224 +0530 WARN TcpO...

by Explorer in

Upgrade from distributed to clustered environment retaining configurations and data?

Hi , Is there a way to upgrade a distributed environment consisting of 1 x SH, 2 x IDX and a DS to a HA clustered ...

by Path Finder in

How can I make dispatch file names shorter?

I have a dashboard with 3 panels, each with long involved search strings. Recently I started getting log errors that ...

by Path Finder in

What do the status flags mean in a Search Head Cluster?

When showing the Search Head Cluster status, we get something similar to this: ./splunk show shcluster-status Ca...

by Explorer in

What is the index settings path and can I modify it?

Hello, I spun up an Ubuntu Linux box on Amazon EC2. My primary hard drive is 30gb and I also attached a 4tb ebs dr...

by Communicator in

Has anyone configured a deployment server to push apps to a cluster master (master-apps)?

I have a deployment server and I have created a serverclass to send apps to my clustermaster. I want to receive the a...

by Path Finder in

Bucket against field other than _time

Can I use the bucket command to group fields by time/date when extracted against a field other than _time? I have ...

by Path Finder in

Hadoop Data Roll and archiving replicated buckets

I have an indexer cluster with a replication factor of 3. If I were to implement Hadoop Data Roll, would only one cop...

by Explorer in

Unable to edit serverclass.conf file as when I try to save always "Save As" pop up is coming

by Engager in

Is there a command to downgrade from Splunk version 6.2 to 6.0 on Unix?

Currently I am using Splunk version 6.2 and I would like to move back to Splunk 6.0. Is there a command I can execute...

by Contributor in

Clarification - indexes.conf

This is my indexes.conf configuration [volume:hot_warm] path = /store/hot_warm maxVolumeDataSizeMB = 1450000 [v...

by Builder in

GEOIP - Is there a step by step guide to getting this set up?

I am presently running Splunk Free on my home network, collecting syslog data from my Sophos UTM. I'd like the abilit...

by New Member in

How can we avoid data loss in the summary indexes when there is an indexing latency in the cluster?

We reach situations where summary indexes are incomplete because we have an indexing latency in the cluster. We us...

by Ultra Champion in

How to create a bunch of tags in a search head cluster

I am admin in Splunk 6.6.2 clustered environment. I create 10 tags through the GUI. In my SHC, the 10 tags get distri...

by Path Finder in

Splunk Distrubuted Deployment in my Local System

Hi all, I am trying to set up a small Splunk distributed deployment in my Local System. with 3 Indexers Master 1 S...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Deployment Architecture

Discussions

Error applying with indexes.conf when adding maxWarmDBcount

Can you verify my plans for a search head cluster configuration?

Restore procedure for warm buckets

For multisite cluster indexer environment, Can site1 indexer on 6.5 work with site2 Indexers on 6.4?

Setting a max index size for frozen data?

reload deploy-server causing splunk restart

Changing local.meta to maintenance user or deleting local.meta lines?

Load balancer based HA for cluster master

bins command returns too few bins

Restructuring Splunk data index best practices?

forwarder data transfer not working

Upgrade from distributed to clustered environment retaining configurations and data?

How can I make dispatch file names shorter?

What do the status flags mean in a Search Head Cluster?

What is the index settings path and can I modify it?

Has anyone configured a deployment server to push apps to a cluster master (master-apps)?

Bucket against field other than _time

Hadoop Data Roll and archiving replicated buckets

Unable to edit serverclass.conf file as when I try to save always "Save As" pop up is coming

Is there a command to downgrade from Splunk version 6.2 to 6.0 on Unix?

Clarification - indexes.conf

GEOIP - Is there a step by step guide to getting this set up?

How can we avoid data loss in the summary indexes when there is an indexing latency in the cluster?

How to create a bunch of tags in a search head cluster

Splunk Distrubuted Deployment in my Local System

Index This | How many sides does a circle have?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Does a props/transforms.conf Visio stencil exist?

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...