Deployment Architecture

Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
VK18

KVStore data between Standalone search heads

Hi All,I currently have a primary standalone Enterprise Security (ES) search head located in the main data center. Ev...
by VK18 Explorer in Deployment Architecture 03-18-2024
0 4
0
4
skiransecops

Splunk ES not starting when indexer search was enabled from UI and then restarted.

I was recently working on Splunk Enterprise security to have a forwarder installed on the Linux machine and display i...
by skiransecops Loves-to-Learn Lots in Deployment Architecture 03-18-2024
0 2
0
2
ChaoticMike

How to choose an EC2 instance type for a heavy forwarder?

Hello everyone, I have a need to increase the compute capacity of an HF running in AWS (it is only forwarding, not in...
by ChaoticMike Explorer in Deployment Architecture 03-14-2024
0 5
0
5
ahadghani

Health Check: Minimum System Requirements for Indexers

We are receiving messages about how our indexers (distributed environment) doesn't meet the minimum system requiremen...
by ahadghani Engager in Deployment Architecture 03-14-2024
0 2
0
2
michael_vi

Replication factor change before indexer removing

Hi,We have 3 indexers and 1 search head (replication factor = 3).I need to permanently remove one indexer What is the...
by michael_vi Path Finder in Deployment Architecture 03-13-2024
0 1
0
1
makelovenotwar

web-features.conf in Clustered Environment

I would like to allow list a url from my dashboards so that no more redirection warnings pop up.  Per the documentati...
by makelovenotwar Path Finder in Deployment Architecture 03-13-2024
0 3
0
3
rickymckenzie10

Roll hotwarm data to cold when frozenTimePeriodInSecs is met

Hello, how can I ensure the data being sent to cool_index is rolled to cold when the data is 120 days old?The config ...
by rickymckenzie10 Explorer in Deployment Architecture 03-13-2024
0 2
0
2
ethammis

How to find stopped service ?

I have windows service called "ess". Due to network glitch the service is entering into stopped state and start state...
by ethammis Engager in Deployment Architecture 03-11-2024
0 3
0
3
himaniarora20

How to set a deployment server between Forwarders and Clustered environment

Hi Team,We have a search head cluster and indexer cluster in our current Splunk environment.  The data to the indexer...
by himaniarora20 Explorer in Deployment Architecture 03-06-2024
0 5
0
5
ryanaa

This license does not support being a remote master

 "I want to deploy my settings to another search head while using a virtual machine. However, whenever I attempt to a...
by ryanaa Explorer in Deployment Architecture 03-06-2024
0 3
0
3
kate

Installed Splunk Add-on for Unix and Linux 9.0.0 not getting memory data for ubuntu server?

Installed Splunk Add-on for Unix and Linux 9.0.0 not getting memory data for ubuntu server?Checks performed1) Getting...
by kate Path Finder in Deployment Architecture 03-04-2024
0 1
0
1
rickymckenzie10

How does frozenTimePeriodInSecs and maxWarmDBCount perform

Currently, each of my indexes is set to a specific and own frozenTimePeriodInSecs, but I am noticing they are not rol...
by rickymckenzie10 Explorer in Deployment Architecture 02-28-2024
0 3
0
3
kate

Version Compatibility from Universal Forwarder to splunk cloud verison 9.1.2308.203

Which version of Universal Forwarder for ubuntu (debian 64 bit) is compatible with to splunk cloud verison 9.1.2308.2...
by kate Path Finder in Deployment Architecture 02-28-2024
0 2
0
2
thaghost99

regex help to split into two rows of data

here is the current data Feb 27 14:12:38node0:-----------------------------------------------------------------------...
by thaghost99 Path Finder in Deployment Architecture 02-28-2024
0 2
0
2
Ka21

ReplicationStatus: Failed - Failure info: failed_because_BUNDLE_DATA_TRANSMIT_FAILURE

Hi We are facing below error while Run the search in search head. This is coming frequently and unable to solve it.We...
by Ka21 Loves-to-Learn in Deployment Architecture 02-26-2024
0 0
0
0
acavenago

How to get Resource Usage information of Heavy Forwarders in Monitoring Console

   Hello,I have a multi-site cluster at version 9.0.1, with several Indexers, SHs, and HF/UFs.The Monitoring Console ...
by acavenago Explorer in Deployment Architecture 02-26-2024
0 3
0
3
eregon

One indexer vs. two license servers

Hello fellow Splunkthusiasts!TL;DR: Is there any way to connect one indexer cluster to two distinct license servers? ...
by eregon Path Finder in Deployment Architecture 02-22-2024
0 1
0
1
SN1368

Distributed monitoring console overview problem after upgrading Splunk

helloafter I upgraded Splunk to the 9.1.1 version, some parts of the overview page in the distributed monitoring cons...
by SN1368 Observer in Deployment Architecture 02-19-2024
0 9
0
9
AMAN0113

Server Migration

We are planning to migrate a server that plays multiple roles as a DS, HEC, Proxy, SC4S, Syslog etc., to multiple ser...
by AMAN0113 Explorer in Deployment Architecture 02-19-2024
0 1
0
1
m_zandinia

Move some indexes to separate volume

Hi SplunkersCurrently, I have 8 indexers and about 100 indexes! Here is a sample of my indexes.conf: # volumes [volum...
by m_zandinia Path Finder in Deployment Architecture 02-18-2024
0 3
0
3
dokaas_2

In a mulit-site cluster, does Splunk replicate just the data to the remote and then the remote site indexer indexes the data?

In an multi-site cluster Splunk replicates the data to the remote site, but doe Splunk also replicate the index infor...
by dokaas_2 Communicator in Deployment Architecture 02-17-2024
0 8
0
8
Mad2

Can same server be SH , indexer and console for splunk enterprise

need to install the splunk enterprise and wanted to make SH and indexer , universal forwarder  same system , please a...
by Mad2 Observer in Deployment Architecture 02-16-2024
0 3
0
3
paecon

Storing Cold Database on NAS

Having trouble finding an answer for this one but is it possible to change just the cold database location to a NAS f...
by paecon New Member in Deployment Architecture 02-16-2024
0 3
0
3
pcsegal1

Migrate from indexer cluster to standalone instance

Hi, I have a legacy Splunk Enterprise cluster that consists of: 1 cluster master3 indexers, forming an indexer cluste...
by pcsegal1 Explorer in Deployment Architecture 02-14-2024
0 14
0
14
bapun18

I need to down size the number of indexers to half

Hi Team,I need to decrease the number of indexers used to half, in my current configurations we have site replication...
by bapun18 Communicator in Deployment Architecture 02-13-2024
0 4
0
4
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...
Top Solution Authors
View All