Deployment Architecture

Start a Conversation

Discussions

Start a Conversation

Thread Info

Splunk Architecture Diagram - Why is Visio stencil not loading?

Hello, I am working on an architecture drawing for Splunk and when i downloaded the visio stencil from splunk docs...

by Motivator in

License Usage Report - User Seat, Per Uptime, Per API Runs

Hi Team, I am looking for how to pull license usage report for User Seat, Per Uptime and Per API Runs license metri...

by Explorer in

Where is URL for a Knowledge Objects search within settings?

I am looking to define globally all of the 'knowledge objects' within a search head. Where is the URL found within Se...

by Explorer in

How to Transpose Correct Query

OLD Query: source="http:Emerson_P1CDN" AND status_code=200 AND path=*/catalog* AND path!=*thumb* AND path!=*Ca...

by Explorer in

What are the best long-term storage options to store data from Splunk Indexers?

Hello, I am interested in knowing the best storage option among these three (DAS, NAS or SAN) when you want to sto...

by Explorer in

Why the error "Daily indexing volume limit exceeded" on Splunk free license with 500Mb daily indexing limit?

We are on the Splunk Free license, which has a daily indexing limit of 500Mb. This has never before been a problem be...

by Explorer in

Why are Wineventlogs Forwarding without AD?

Hi There, I am having windows server 2008 without AD. would like to forward wineventlogs from windows server 2008 ...

by Explorer in

Is it possible to forward same data to different Splunk platforms/indexers clusters without using double license usage?

Hello, Is it possible to forward same data to different Splunk platforms / indexers clusters without using double l...

by Motivator in

Can the deployment server be used to deploy apps to a search head and also transforms/props/configuration to indexers?

Can the deployment server be used to deploy apps/configuration to a search head and also transforms/props/configurati...

by Contributor in

Multisite Replication Factor: Why are my results only pulled from a single site's peers, not from both?

I recently inherited this splunk system, and I am gradually working out how it is set up. When running a search yeste...

by Path Finder in

Is it possible for a search head cluster to search multiple index clusters?

Is it possible for a search head cluster to search multiple index clusters? A Solo Searchhead can do so, but I'm...

by Engager in

How to remove universal forwarder (or UF configs) using the deployment server?

Is it at all possible to remove/uninstall UFs by pushing some script(s) from the deployment server. I do not have OS ...

by Loves-to-Learn in

Why when we have One input, we are receiving two TZ?

Hi, we have one syslog input where we receive log data from two different sources. One runs on local time, i.e....

by Path Finder in

How do I fix 500 Internal Server error when using "Open in Search" feature on some panels

I am encountering internal server errors when clicking on the open in search magnifying glass. These are large queri...

by Loves-to-Learn Lots in

Why do I have a disk space warning for /opt/splunk/var/lib/splunk/audit/db but i have over 300 GB free on disk

I have 2 partitions on my centos. The first one is 20 GB and mounted on / and the second one is 300 GB and mounted on...

by Loves-to-Learn Lots in

How can I Troubleshoot why apply shcluster-bundle does not work / takes very long time?

Hello, When I run the splunk apply cluster-bundle command it seems to create a bundle for all apps in /$SPLUNK_HOM...

by Path Finder in

Could not create Splunk settings directory at '/root/.splunk'

Anytime I try to do anything with my deployment server I get this error: An error occurred: Could not create Splun...

by Path Finder in

Search head cluster hybrid search: Why error "Gave up waiting for the captain to establish a common bundle version..."?

I'm trying to migrate to a fully clustered environment so I'm trying out hybrid search as a bridge to getting fully c...

by Motivator in

How to install a Separate Python from Splunk on RHEL 7.9?

Hello, Specs: Splunk Enterprise 8.2.1Server OS: RHEL 7.9 I have a distributed installation of Splunk Enterp...

by Observer in

Running React with Splunk on an IDE: Is it possible to create components like Visual Studio in conjunction with Splunk?

HiWhen I create Splunk apps which derive from React components, I usually create the React component on the Command L...

by Builder in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Splunk Architecture Diagram - Why is Visio stencil not loading?

License Usage Report - User Seat, Per Uptime, Per API Runs

Where is URL for a Knowledge Objects search within settings?

How to Transpose Correct Query

What are the best long-term storage options to store data from Splunk Indexers?

Why the error "Daily indexing volume limit exceeded" on Splunk free license with 500Mb daily indexing limit?

Why are Wineventlogs Forwarding without AD?

Is it possible to forward same data to different Splunk platforms/indexers clusters without using double license usage?

Can the deployment server be used to deploy apps to a search head and also transforms/props/configuration to indexers?

Multisite Replication Factor: Why are my results only pulled from a single site's peers, not from both?

Is it possible for a search head cluster to search multiple index clusters?

How to remove universal forwarder (or UF configs) using the deployment server?

Why when we have One input, we are receiving two TZ?

How do I fix 500 Internal Server error when using "Open in Search" feature on some panels

Why do I have a disk space warning for /opt/splunk/var/lib/splunk/audit/db but i have over 300 GB free on disk

How can I Troubleshoot why apply shcluster-bundle does not work / takes very long time?

Could not create Splunk settings directory at '/root/.splunk'

Search head cluster hybrid search: Why error "Gave up waiting for the captain to establish a common bundle version..."?

How to install a Separate Python from Splunk on RHEL 7.9?

Running React with Splunk on an IDE: Is it possible to create components like Visual Studio in conjunction with Splunk?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

What proxy rules are needed to allow install for a...

Why do Fixup tasks still present after rolling res...

Rolling Upgrade of Search Head Cluster does not au...

Documentation no Multiple splunk MSaaS or multi te...

O365 API Keys expiring: Are there different Splunk...