Deployment Architecture

Discussions

Thread Info

How to calculate dispatch directory size in Splunk?

Hi, I want to calculate dispatch directory size in Splunk to help in Splunk performance monitoring. Can anyone ple...

by Contributor in

Is it possible to bring new servers online into the respective pools and have them sync in such a way that we can remove the old servers one at a time?

Would it be possible to bring the new servers online into the respective pools and have them sync in such a way that ...

by New Member in

How to configure Universal Forwarder to receive UDP traffic

I am trying to forward events from my current SIEM to the Universal forwarder using UDP and port 9514. When I run a t...

by Path Finder in

Best practices to send multiple devices to a single indexer via syslog

We have a deployment with approximately 500 linux systems that are sending logs via syslog on a single indexer. In so...

by Path Finder in

Splunk performs tsidx reduction immediately on warm buckets

I've recently upgraded to Splunk 6.6.0 and now seem to be having a problem with one of my indexes; every time I searc...

by Explorer in

script doesn't run. error Couldn't start command "" Resource temporarily unavailable

I have a few sh scripts scheduled to run every few min and those stop recently, and print this error in the log. To w...

by New Member in

Deleting old Splunkd logs in Splunk forwarder

Hi, Is there any configuration in Splunk forwarder to delete old splunkd logs, metric logs etc.

by Explorer in

Splunk forwarder configured with dummy splunk server results in long pause in puppet splunk restart

I basically have roles which install the forwarder with whom I might wish to do some local testing. When testing loc...

by New Member in

Splunk 6.x and Linux? not so fast?

New 6.0.x/6.1.x installation and both Indexer and Search Head seem to have latency and not performing as expected! ...

by Splunk Employee in

Rotuing data to specific indexes

I have situtationn where i have cluster master which managed the indexer cluster . I am getiing data in load balancin...

by Engager in

How to check missing universal forwarders

Any help will be appreciated, i trying from long back how to check missing forwarders.

by Path Finder in

Splunk Db Connect with Forwaders

We want to ingest data from databases to our indexer .Would it be recommended to use heavy forwarder or UF ? Also can...

by Engager in

Cluster bucket rebalancing: How long is too long?

My first few attempts at rebalancing were pretty great. No muss, no fuss. They ran for about 12 hours and like magic ...

by Influencer in

Forwarder issue

So we are trying to design a solution and we want two layers for forwarding . At the first layer universal forwarder ...

by Engager in

Apps: To Disable or To Delete?

I'm setting up a deployment server. From what I understand, the deployment server only adds or updates app files and ...

by Communicator in

Splunk replication factor and search factor modifications

If I increase my replication factor or the search factor. Does this changes are applicable to old buckets? suppose...

by Contributor in

How to app check deployment status

Hi everybody I have a challenge I must to deal with. I would like to create a script to deploy application from en...

by Path Finder in

I have to connect Splunk cloud to a mongoDB instance running on AWS. What is the best way to do this?

It seems like Hunk cannot be used since it is only available for Splunk Enterprise. Any work around for that? As for ...

by Path Finder in

HTTP Event Collector through Deployment Server

I followed the instructions on this page for scenario 3 - http://dev.splunk.com/view/event-collector/SP-CAAAE73#scen3...

by Builder in

architecture to support a single-site index in a multisite indexing cluster?

Hello Splunk Gurus, I have a multisite indexing cluster in Splunk 6.6.1 spanning two sites: small & big. The "b...

by Engager in

Impact of shutting down some splunk roles for a day?

I have a 5 node indexer cluster and a 3 node SHC which are all physical servers, but the rest are VMs (Deployment ser...

by Path Finder in

Splunkforwarder stopped sending data randomly

Hey Guys! So I have 2 forwarders they had stopped sending current data, I looked over the splunk config with a spl...

by New Member in

Watching the watchmen: how to monitor splunkd from the command line

Hi - I would like to monitor the status of a linux-based splunkd configured as a heavy forwarder from an external ...

by Path Finder in

Does the splunk_archver app need to be distributed to the search peers via the knowledge bundle?

We recently upgraded to Splunk 6.5.1 and noticed a fairly large increase in our replicated knowledge bundle size from...

by Path Finder in

Force search head cluster to forget old nonexistent members without performing remove shcluster-member command

Some time ago we had a Splunk search head cluster with nodes named “vm-splunk-sh01”, “vm-splunk-sh02”, “vm-splunk-sh0...

by Explorer in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

How to calculate dispatch directory size in Splunk?

Is it possible to bring new servers online into the respective pools and have them sync in such a way that we can remove the old servers one at a time?

How to configure Universal Forwarder to receive UDP traffic

Best practices to send multiple devices to a single indexer via syslog

Splunk performs tsidx reduction immediately on warm buckets

script doesn't run. error Couldn't start command "" Resource temporarily unavailable

Deleting old Splunkd logs in Splunk forwarder

Splunk forwarder configured with dummy splunk server results in long pause in puppet splunk restart

Splunk 6.x and Linux? not so fast?

Rotuing data to specific indexes

How to check missing universal forwarders

Splunk Db Connect with Forwaders

Cluster bucket rebalancing: How long is too long?

Forwarder issue

Apps: To Disable or To Delete?

Splunk replication factor and search factor modifications

How to app check deployment status

I have to connect Splunk cloud to a mongoDB instance running on AWS. What is the best way to do this?

HTTP Event Collector through Deployment Server

architecture to support a single-site index in a multisite indexing cluster?

Impact of shutting down some splunk roles for a day?

Splunkforwarder stopped sending data randomly

Watching the watchmen: how to monitor splunkd from the command line

Does the splunk_archver app need to be distributed to the search peers via the knowledge bundle?

Force search head cluster to forget old nonexistent members without performing remove shcluster-member command

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

State of SIR in ServiceNow not capturing

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!