Deployment Architecture

Thread Info

Forwarder is unable to download the updated app from deployment server

Hi, Few of our forwarders are unable to download the updated apps from deployment server. Its just showing downloa...

by Contributor in

Search head cluster deployer -- "SHC deployer" isn't indicated as a server role after deploying via /shcluster

Hello, could you let me know if it's a GUI bug? I use /shcluster to deploy SH configurations but the role "SHC deploy...

by Motivator in

Splunk instance shut downs unexpectedly

We are using Splunk instance to pull various types of data from the server. But now days we are seeing Splunk instanc...

by Explorer in

Splunk 7.0 pricing model of metric index

For a metric index, is the license usage count on the log event parsed, or the extracted metric dimensions plus measu...

by Explorer in

Forward raw data to remote host - avoiding outputs.conf bug

Recently we configured outputs.conf/props.conf/transforms.conf on our Heavy Forwarders to forward 3 specific events t...

by Contributor in

Is it possible to make a deployment server a client of itself?

Is it totally crazy to make a deployment server contact itself for apps? I just thought about it and it would reduce ...

by Engager in

how to remove timestamp and host of heavy forwarder from data when it being forwarded to 3rd party system

Hi, I have heavy forwarder which sending data to indexers, at the same time it sending same data to Qradar SEIM. ...

by New Member in

Getting new node in Management Console

We are runing Splunk in AWS and lost one of our Indexers. All has recovered and I have removed the dead node but cann...

by Builder in

Set Data Retention Policy to delete data on rolling basis- not entire index

Hello, Below is information I received about data retention: frozenTimePeriodInSecs sets the maximum age, in se...

by Path Finder in

Custom Streaming Command Won't Distribute to Indexers (Python SDK, V2)

I am writing a custom streaming search command using the Python SDK and the V2 Protocol. I followed the V2 protocol d...

by Communicator in

Splunk Forwarder only sends a few Data from monitored logfile

Greetings, I using a Splunk-Enterprice trail version and installed Forwarders on 3 different VMs. The Indexer Serv...

by New Member in

Why is bin command creating too many bins? Issue with 5-minute segments

I have the same problem that is unanswered here I'm trying to do stats on the last 10 minutes of data by two separ...

by Path Finder in

Why is my search head missing in Distributed Management Console (DMC)?

I'm sure this is going to be something simple. I have a small Splunk POC environment consisting of a cluster master, ...

by Communicator in

Forwarder won't stop forwarding

A strange issue is happening, a few of our forwarders are sending a massive amount of data (wineventlog:security) to ...

by Path Finder in

How do I "un-uninstall" a deployment server app?

I was trying to remove an app from a serverclass and I clicked on Uninstall thinking that that would do it (there are...

by Esteemed Legend in

can i take $src_ip$ through1 index and use it other index in same query.

If i have 1 index for firewall i can get src_ip and src_host which is creating some issues then i need to check that ...

by New Member in

Changing the pass4SymmKey for Search Head Clustering not being encrypted in the Deployer

We were having trouble with one of the Search Head cluster members. We went in to ensure that all of the shclustering...

by Explorer in

Add cluster peer trying to reach wrong endpoint

Hello I am using a NFR license. I am mounting a cluster environment in ubuntu, where my cluster master is on splun...

by Influencer in

Changing mgmt port

Hello I have a new Indexer instance of splunk with mgmt port 52400. Now if I put the Indexer peer configuration from ...

by Engager in

What is the best way to describe Deployment?

I have gone through splunk docs it is like a puzzle for me to know about deployment. Can anyone give me perfect answe...

by Path Finder in

Disable search feature on Indexer Cluster Nodes

Hi, I have configured SHC and Indexer cluster, Is there any way to disable search feature on Indexer cluster nodes...

by Path Finder in

-bash: /opt/splunk/bin/splunk: No such file or directory

When I try start splunk without sudo (or even logged in as root), I get a "no such file or directory" error. It works...

by Explorer in

Summary index does not meet my needs

Hi. everyone.Please forgive my English level.I hope my description of the problem is clear enough.I have a lot of ind...

by Communicator in

Upgrade of a Search Head Cluster (v6.4.2 > 7.0.0) - Can I do a rolling upgrade?

Hi at all, I have to upgrade a Search Head Cluster from version 6.4.2 to 7.0.0 and I have a doubt: in https://docs.sp...

by SplunkTrust in

Splunk server roles

Hello, could you explain me in details the possible roles of cluster member below and what would you advice for : ...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Deployment Architecture

Discussions

Forwarder is unable to download the updated app from deployment server

Search head cluster deployer -- "SHC deployer" isn't indicated as a server role after deploying via /shcluster

Splunk instance shut downs unexpectedly

Splunk 7.0 pricing model of metric index

Forward raw data to remote host - avoiding outputs.conf bug

Is it possible to make a deployment server a client of itself?

how to remove timestamp and host of heavy forwarder from data when it being forwarded to 3rd party system

Getting new node in Management Console

Set Data Retention Policy to delete data on rolling basis- not entire index

Custom Streaming Command Won't Distribute to Indexers (Python SDK, V2)

Splunk Forwarder only sends a few Data from monitored logfile

Why is bin command creating too many bins? Issue with 5-minute segments

Why is my search head missing in Distributed Management Console (DMC)?

Forwarder won't stop forwarding

How do I "un-uninstall" a deployment server app?

can i take $src_ip$ through1 index and use it other index in same query.

Changing the pass4SymmKey for Search Head Clustering not being encrypted in the Deployer

Add cluster peer trying to reach wrong endpoint

Changing mgmt port

What is the best way to describe Deployment?

Disable search feature on Indexer Cluster Nodes

-bash: /opt/splunk/bin/splunk: No such file or directory

Summary index does not meet my needs

Upgrade of a Search Head Cluster (v6.4.2 > 7.0.0) - Can I do a rolling upgrade?

Splunk server roles

Developer Spotlight with William Searle

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Does a props/transforms.conf Visio stencil exist?

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions