Deployment Architecture

Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
faisal_saifi

one of my index size is 500 GB now its almost getting full so want to increase size to 2TB. I am using multi site cluster environment.

one of my index size is 500 GB now its almost getting full so want to increase size to 2TB. I am using multi site cl...
by faisal_saifi New Member in Deployment Architecture 10-02-2017
0 2
0
2
arnedietrichsta

Will there be ZFS support on Linux for Splunk Enterprise?

Hello, When I tried to install Splunk Enterprise, I noticed that Splunk doesn't like ZFS. Given that MongoDB works j...
by arnedietrichsta Explorer in Deployment Architecture 10-01-2017
4 16
4
16
chustar

How do I replicate settings in system/local across the search head cluster?

When using a stand alone search head, we made configuration changes in etc/system/local/e.g. outputs.conf, limits.con...
by chustar Path Finder in Deployment Architecture 09-29-2017
0 1
0
1
markconlin

Why aren't my logs being forwarded for indexing by my forwarders?

Summary Not all logs are being forwarded for indexing by my splunkforwarders. Situation I have 4 instances that run ...
by markconlin Path Finder in Deployment Architecture 09-29-2017
0 3
0
3
leilu001

Can I remove remote-bundle files? They take up a lot of disk space.

In SPLUNK_HOME/var/run/splunk/cluster/remote-bundle, it has these files. Which of them can be removed? It takes so mu...
by leilu001 New Member in Deployment Architecture 09-29-2017
0 1
0
1
alvaroveiga

500 Internal server error

After upgrading to latest Splunk enterprise version, i'am getting this error: https://image.ibb.co/mbpbuQ/1.jpg btoo...
by alvaroveiga New Member in Deployment Architecture 09-28-2017
0 14
0
14
Lucas_K

Understanding distributed search replication blacklisting behaviour

I'm trying to understand what happens to distsearch when you black list something. For example a csv file. I've been...
by Lucas_K Motivator in Deployment Architecture 09-27-2017
2 1
2
1
liuyongkang

How is my data still searchable? Is there something wrong with indexes.conf?

hi everyone : i have set indexes.conf link this: [qt] coldToFrozenDir = /SplunkBack/splunk/qt frozenTimePerio...
by liuyongkang Engager in Deployment Architecture 09-26-2017
0 2
0
2
phoenixdigital

Search Head Deployer in a SH Cluster: What happens to local?

I have been doing a few tests on how configurations are pushed when applying a shcluster bundle. However, I would lik...
by phoenixdigital Builder in Deployment Architecture 09-26-2017
1 3
1
3
matt

Does splunk play nice with puppet?

I'd like to able to install and configure the log forwarder using puppet. What needs to be done to make that happen?
by matt Splunk Employee Splunk Employee in Deployment Architecture 09-25-2017
8 15
8
15
randy_moore

How can we expand our Splunk Enterprise deployment in a hardware constrained environment?

We are currently running Splunk in single instance mode and have grown enough that we need to expand it. I have the a...
by randy_moore Path Finder in Deployment Architecture 09-25-2017
0 1
0
1
dominiquevocat

package deployment-app via CLI or rest

Is there a way to package an app in /etc/deployment-apps or /etc/master-apps analog to apps in /etc/apps ? For apps i...
by SplunkTrust SplunkTrust in Deployment Architecture 09-23-2017
0 2
0
2
makar4

External search head performs searches on separate cluster?

Is it possible to have a cluster (1 master, 2 indexers, 1 search head, 1 deployer) and have an external search head c...
by makar4 Engager in Deployment Architecture 09-22-2017
0 7
0
7
splunker969

Best practices for hot/warm bucket retention?

The primary indexers data (Hot+ Warm) data is being full .Please help us in solving this issues . .We are trying to s...
by splunker969 Communicator in Deployment Architecture 09-21-2017
1 6
1
6
sumitkathpal

Need steps to migrate from old deployment server to new deployment server

Dear Experts, we have around 40 UF installed and pointing to old deployment server, Help is required we want UF poin...
by sumitkathpal Explorer in Deployment Architecture 09-21-2017
0 4
0
4
narenpalepu

Out of 3 clusters why are 2 showing similar results and the third is missing results?

Hi , Rest API Splunk query results difference We have a query running with JDK REST API. We have 3 spunk clusters. ...
by narenpalepu New Member in Deployment Architecture 09-20-2017
0 6
0
6
a212830

Is there documentation on how to migrate a search head deployer and a cluster master to new servers?

Hi, I've been informed that my existing search-head deployer and cluster master (two different servers) need to get ...
by a212830 Champion in Deployment Architecture 09-20-2017
0 4
0
4
datlaphani

Replacing search peer in an indexer cluster - Best practices/concerns

Hi Splunk experts, We have a 2 site index cluster with 2 indexers per site. The plan is to replace existing disks o...
by datlaphani New Member in Deployment Architecture 09-20-2017
0 2
0
2
koshyk

Determine host of the searchhead running a SPL

hi, we have savedsearches running on Search Heads and need to trigger different alerts based on the environment. The ...
by koshyk Super Champion in Deployment Architecture 09-18-2017
0 5
0
5
scottrunyon

Are all indexes replicated in Indexer cluster?

I am currenly running a 2 system indexing cluster on Windows VMs. One of the systems is experiencing poor performanc...
by scottrunyon Contributor in Deployment Architecture 09-18-2017
0 10
0
10
maira

What should be the homePath.maxDataSizeMB in relation to the maxDataSize?

Hello - I am getting the following warning: "IndexConfig - Home path size limit cannot accomodate maximum number o...
by maira New Member in Deployment Architecture 09-15-2017
0 3
0
3
geantver0000

How to switch between active/inactive forwarders when you have a cluster?

Hi, When you have a Splunk forwarder on a server using Cluster (Active/Inactive), what can you do to Stop the Splunk...
by geantver0000 Engager in Deployment Architecture 09-15-2017
0 4
0
4
negast

Problem accessing the indexes from the indexer with one master and one search head

Hello, So, I'm trying to produce the following topology where I have one master/search head and one separate indexer...
by negast New Member in Deployment Architecture 09-15-2017
0 1
0
1
jet1276

Can a search head cluster be implemented without integrating with deployer?

I have a standalone search head connected to only one search peer. Now I am introducing another search head to the en...
by jet1276 Path Finder in Deployment Architecture 09-13-2017
0 5
0
5
timmy13

Why does my search peer come up as an error on my search head?

I've added a search head as a search peer and it's come up as "sick" with the following error. Can't seem to find an...
by timmy13 Communicator in Deployment Architecture 09-12-2017
1 4
1
4
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...
Top Solution Authors
View All