Deployment Architecture

Community Activity

How can I monitor logs from a WAN? I want to monitor logs on a remote computer (on the wan) I would like to forward the logs in order to watch them on... by jbosano Engager in Deployment Architecture 10-05-2017 0 15	0	15
Search Head Clustering (Minimum Nodes Required) Hi, I am planning to create a Search Head Cluster using two Search Heads. Is this possible? I read somewhere tha... by jspvkey Explorer in Deployment Architecture 10-04-2017 1 5	1	5
What apps are not compatible with the deploymen server? I ask this because I just spent a while trying to debug why installing the "Microsoft Supporting Add-on for Active Di... by seratoz New Member in Deployment Architecture 10-04-2017 0 3	0	3
Index retains old warm buckets One of my indexes has a couple of old buckets in Warm which are closed for writing in 2014, then the next oldest one ... by JeremyHagan Communicator in Deployment Architecture 10-03-2017 1 3	1	3
How to use the secure copy (scp) command to transfer a diag file to our deployment server? Created a diagI need to email it to someone, so how can I use the scp command on CLI to send it to our deployment se... by jdomin30 New Member in Deployment Architecture 10-02-2017 0 2	0	2
acceleration with tscollect in indexer cluster Hi at all, I have an Indexer Cluster where each Indexer is accessed by users as a stand alone server, in other words ... by gcusello SplunkTrust in Deployment Architecture 10-02-2017 0 1	0	1
one of my index size is 500 GB now its almost getting full so want to increase size to 2TB. I am using multi site cluster environment. one of my index size is 500 GB now its almost getting full so want to increase size to 2TB. I am using multi site cl... by faisal_saifi New Member in Deployment Architecture 10-02-2017 0 2	0	2
Will there be ZFS support on Linux for Splunk Enterprise? Hello, When I tried to install Splunk Enterprise, I noticed that Splunk doesn't like ZFS. Given that MongoDB works j... by arnedietrichsta Explorer in Deployment Architecture 10-01-2017 4 16	4	16
How do I replicate settings in system/local across the search head cluster? When using a stand alone search head, we made configuration changes in etc/system/local/e.g. outputs.conf, limits.con... by chustar Path Finder in Deployment Architecture 09-29-2017 0 1	0	1
Why aren't my logs being forwarded for indexing by my forwarders? Summary Not all logs are being forwarded for indexing by my splunkforwarders. Situation I have 4 instances that run ... by markconlin Path Finder in Deployment Architecture 09-29-2017 0 3	0	3
Can I remove remote-bundle files? They take up a lot of disk space. In SPLUNK_HOME/var/run/splunk/cluster/remote-bundle, it has these files. Which of them can be removed? It takes so mu... by leilu001 New Member in Deployment Architecture 09-29-2017 0 1	0	1
500 Internal server error After upgrading to latest Splunk enterprise version, i'am getting this error: https://image.ibb.co/mbpbuQ/1.jpg btoo... by alvaroveiga New Member in Deployment Architecture 09-28-2017 0 14	0	14
Understanding distributed search replication blacklisting behaviour I'm trying to understand what happens to distsearch when you black list something. For example a csv file. I've been... by Lucas_K Motivator in Deployment Architecture 09-27-2017 2 1	2	1
How is my data still searchable? Is there something wrong with indexes.conf? hi everyone : i have set indexes.conf link this: [qt] coldToFrozenDir = /SplunkBack/splunk/qt frozenTimePerio... by liuyongkang Engager in Deployment Architecture 09-26-2017 0 2	0	2
Search Head Deployer in a SH Cluster: What happens to local? I have been doing a few tests on how configurations are pushed when applying a shcluster bundle. However, I would lik... by phoenixdigital Builder in Deployment Architecture 09-26-2017 1 3	1	3
Does splunk play nice with puppet? I'd like to able to install and configure the log forwarder using puppet. What needs to be done to make that happen? by matt Splunk Employee in Deployment Architecture 09-25-2017 8 15	8	15
How can we expand our Splunk Enterprise deployment in a hardware constrained environment? We are currently running Splunk in single instance mode and have grown enough that we need to expand it. I have the a... by randy_moore Path Finder in Deployment Architecture 09-25-2017 0 1	0	1
package deployment-app via CLI or rest Is there a way to package an app in /etc/deployment-apps or /etc/master-apps analog to apps in /etc/apps ? For apps i... by dominiquevocat SplunkTrust in Deployment Architecture 09-23-2017 0 2	0	2
External search head performs searches on separate cluster? Is it possible to have a cluster (1 master, 2 indexers, 1 search head, 1 deployer) and have an external search head c... by makar4 Engager in Deployment Architecture 09-22-2017 0 7	0	7
Best practices for hot/warm bucket retention? The primary indexers data (Hot+ Warm) data is being full .Please help us in solving this issues . .We are trying to s... by splunker969 Communicator in Deployment Architecture 09-21-2017 1 6	1	6
Need steps to migrate from old deployment server to new deployment server Dear Experts, we have around 40 UF installed and pointing to old deployment server, Help is required we want UF poin... by sumitkathpal Explorer in Deployment Architecture 09-21-2017 0 4	0	4
Out of 3 clusters why are 2 showing similar results and the third is missing results? Hi , Rest API Splunk query results difference We have a query running with JDK REST API. We have 3 spunk clusters. ... by narenpalepu New Member in Deployment Architecture 09-20-2017 0 6	0	6
Is there documentation on how to migrate a search head deployer and a cluster master to new servers? Hi, I've been informed that my existing search-head deployer and cluster master (two different servers) need to get ... by a212830 Champion in Deployment Architecture 09-20-2017 0 4	0	4
Replacing search peer in an indexer cluster - Best practices/concerns Hi Splunk experts, We have a 2 site index cluster with 2 indexers per site. The plan is to replace existing disks o... by datlaphani New Member in Deployment Architecture 09-20-2017 0 2	0	2
Determine host of the searchhead running a SPL hi, we have savedsearches running on Search Heads and need to trigger different alerts based on the environment. The ... by koshyk Super Champion in Deployment Architecture 09-18-2017 0 5	0	5