Deployment Architecture

Discussions

Thread Info

Cluster bucket rebalancing: How long is too long?

My first few attempts at rebalancing were pretty great. No muss, no fuss. They ran for about 12 hours and like magic ...

by Influencer in

Forwarder issue

So we are trying to design a solution and we want two layers for forwarding . At the first layer universal forwarder ...

by Engager in

Apps: To Disable or To Delete?

I'm setting up a deployment server. From what I understand, the deployment server only adds or updates app files and ...

by Communicator in

Splunk replication factor and search factor modifications

If I increase my replication factor or the search factor. Does this changes are applicable to old buckets? suppose...

by Contributor in

How to app check deployment status

Hi everybody I have a challenge I must to deal with. I would like to create a script to deploy application from en...

by Path Finder in

I have to connect Splunk cloud to a mongoDB instance running on AWS. What is the best way to do this?

It seems like Hunk cannot be used since it is only available for Splunk Enterprise. Any work around for that? As for ...

by Path Finder in

HTTP Event Collector through Deployment Server

I followed the instructions on this page for scenario 3 - http://dev.splunk.com/view/event-collector/SP-CAAAE73#scen3...

by Builder in

architecture to support a single-site index in a multisite indexing cluster?

Hello Splunk Gurus, I have a multisite indexing cluster in Splunk 6.6.1 spanning two sites: small & big. The "b...

by Engager in

Impact of shutting down some splunk roles for a day?

I have a 5 node indexer cluster and a 3 node SHC which are all physical servers, but the rest are VMs (Deployment ser...

by Path Finder in

Splunkforwarder stopped sending data randomly

Hey Guys! So I have 2 forwarders they had stopped sending current data, I looked over the splunk config with a spl...

by New Member in

Watching the watchmen: how to monitor splunkd from the command line

Hi - I would like to monitor the status of a linux-based splunkd configured as a heavy forwarder from an external ...

by Path Finder in

Does the splunk_archver app need to be distributed to the search peers via the knowledge bundle?

We recently upgraded to Splunk 6.5.1 and noticed a fairly large increase in our replicated knowledge bundle size from...

by Path Finder in

Force search head cluster to forget old nonexistent members without performing remove shcluster-member command

Some time ago we had a Splunk search head cluster with nodes named “vm-splunk-sh01”, “vm-splunk-sh02”, “vm-splunk-sh0...

by Explorer in

Why am I unable to add a new member to a search head cluster with constant "Your session is invalid. Please login." errors?

Hi all, I got a running search head cluster on latest Splunk Version 6.4.1. I now need to add an additional member...

by Path Finder in

Which configuration file matters where in a distributed Splunk installation?

Hi everybody, I am trying to gain understanding on what configuration file matters to be where in a Splunk install...

by Path Finder in

Heavy Forwarders in Active-Active as failover

In one DC scenario, I am going to put two HFs in active-active mode and update Output.conf on Universal Forwarders (~...

by Explorer in

What configuration setting will allow the cluster master to regularly apply cluster bundles to peers?

Hello, I am looking for Splunk configuration setting that allows cluster master to push cluster bundles (asynchron...

by New Member in

Forwarder for Linux ARM (Raspberry Pi): Will Splunk deprecate this add-on and/or update it with a mention of the regular ARM forwarder build?

It looks like there is now a regular ARM version of the UF (Universal Forwarder). It's confusing to have this old add...

by Path Finder in

By not using the Splunk sever, how do I get to Web Interface?

I have an offline network consisting of thirteen machines, one of them being the Splunk server. I wish to use one of ...

by Path Finder in

A customer with admin privileges and a search head cluster cannot see "Setup" Action in Manage Apps. Is this expected behavior?

A customer of ours is unable to see our App's Setup Action when using a Search Head Clustered environment. They ha...

by Explorer in

How to customize the installation folder of Splunk Universal Forwarder in Linux and HPUX servers?

I want to install splunk universal forwarder in different paths accordingly to the filesystem space. For example: ser...

by New Member in

Why am I getting "Permission denied" errors trying to add apps to Server Class in Forwarder Management via the deployment server?

Hello, I am new to using the deployment server functionality within Splunk. Every time I try to add an app to a se...

by Communicator in

Why are all scheduled jobs being run on one search head in our Splunk 6.3 search head cluster, causing some jobs to be skipped?

We recently upgraded to a 3 node search head cluster of 8 core boxes. Our limits.conf across the cluster is: max_s...

by Communicator in

Can we send data to nullqueue at indexer layer. So that it will consume license.

Hi All, We have 2 Splunk instances first instance existing one to monitor security logs and second instance (to be...

by Engager in

When to upgrade DMC and Deployment server

Hi, Where in the upgrade sequence does the DMC and Deployment server get done? I don't see anything in the doc tha...

by Champion in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Cluster bucket rebalancing: How long is too long?

Forwarder issue

Apps: To Disable or To Delete?

Splunk replication factor and search factor modifications

How to app check deployment status

I have to connect Splunk cloud to a mongoDB instance running on AWS. What is the best way to do this?

HTTP Event Collector through Deployment Server

architecture to support a single-site index in a multisite indexing cluster?

Impact of shutting down some splunk roles for a day?

Splunkforwarder stopped sending data randomly

Watching the watchmen: how to monitor splunkd from the command line

Does the splunk_archver app need to be distributed to the search peers via the knowledge bundle?

Force search head cluster to forget old nonexistent members without performing remove shcluster-member command

Why am I unable to add a new member to a search head cluster with constant "Your session is invalid. Please login." errors?

Which configuration file matters where in a distributed Splunk installation?

Heavy Forwarders in Active-Active as failover

What configuration setting will allow the cluster master to regularly apply cluster bundles to peers?

Forwarder for Linux ARM (Raspberry Pi): Will Splunk deprecate this add-on and/or update it with a mention of the regular ARM forwarder build?

By not using the Splunk sever, how do I get to Web Interface?

A customer with admin privileges and a search head cluster cannot see "Setup" Action in Manage Apps. Is this expected behavior?

How to customize the installation folder of Splunk Universal Forwarder in Linux and HPUX servers?

Why am I getting "Permission denied" errors trying to add apps to Server Class in Forwarder Management via the deployment server?

Why are all scheduled jobs being run on one search head in our Splunk 6.3 search head cluster, causing some jobs to be skipped?

Can we send data to nullqueue at indexer layer. So that it will consume license.

When to upgrade DMC and Deployment server

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud

Setup Splunk on AWS Elastic Beanstalk

Splunk Intermediate Forwarder Setup

CMMC Version 2.0

Stream forwarder only works when running as root

Search Cluster Overwriting etc/system/local/inputs...