Deployment Architecture

Community Activity

Why is my SHC captain reporting the error that it can't connect to the (previous) captain? My SHC captain is reporting this: Search peer <current_captain> has the following message: The search head cluster c... by twinspop Influencer in Deployment Architecture 11-09-2016 0 3	0	3
Is it possible to do a "dry-run" of a serverclass configuration to see how it will actually deploy? Is it possible to do a "dry-run" of a serverclass config, to see how it will actually deploy? Ie. which clients would... by reedmohn Communicator in Deployment Architecture 11-09-2016 1 7	1	7
Can a search head deployer manage multiple search head clusters? Hi, Can the search head deployer manage multiple search head clusters (outside of running multiple instances)? We a... by a212830 Champion in Deployment Architecture 11-09-2016 0 1	0	1
Splunk for Storage Devices Hey Splunkteam, i was just wondering how good the support is for getting data/logs out of the different storage devi... by eikstang New Member in Deployment Architecture 11-09-2016 0 3	0	3
How to maintain existing replication factors while adding new attributes while migrating from single site to multi-site indexer cluster? Hi, We are working on migrating a single site indexer cluster to multi-site indexer cluster. For this, we are using ... by keerthana_k Communicator in Deployment Architecture 11-08-2016 0 2	0	2
Container name for host using splunk universal forwarder I am using the universal forwarder to collect logs from docker hosts however when i see the docker containers it has ... by ppierson New Member in Deployment Architecture 11-08-2016 0 12	0	12
How to resolve a non-existant LDAP account causing issues in splunkd? Hi, We are getting flooded with error messages from a non-existant LDAP account in our splunkd, and complaints from ... by a212830 Champion in Deployment Architecture 11-08-2016 0 2	0	2
Where are my dashboards and fields located on the server? I'm moving a standalone Splunk setup from a Windows server to a Linux server.. I moved some of the buckets o' data fr... by skoelpin SplunkTrust in Deployment Architecture 11-08-2016 0 1	0	1
What is the best practice to change the Splunk admin password? We are running multi cluster Splunk environment with a few indexers, few search heads, heavy forwarder, etc. We need ... by mlevsh Builder in Deployment Architecture 11-08-2016 0 3	0	3
Can deployment servers handle mirroring so changes on my main deployment server can replicate to gateway servers to push to secure domains? For compliance reasons, we need to have gateway servers set up at the edges of our secure domains that can forward Sp... by cdoebert Path Finder in Deployment Architecture 11-07-2016 0 2	0	2
Search Head Clustering Question Hi, I currently have a standalone Search Head and I will soon be deploying a search Head Cluster using 3 differe... by jspvkey Explorer in Deployment Architecture 11-07-2016 0 15	0	15
how to add search heads to licensing pool Hi all how can i add splunk search heads to defalut license pool auto_generated_license pool i have already added t... by vk1544 Explorer in Deployment Architecture 11-07-2016 1 6	1	6
Splunk Architectural Questions - DMC, CM, LM, DS, SHCD? First some quick background, I have new but fairly complex Splunk Enterpirse ES environment with HA Index Clustering ... by quihong Path Finder in Deployment Architecture 11-06-2016 0 2	0	2
How to migrate from an indexer clustering to a standalone environment? Weird question, but does anyone have a graceful procedure to go from clustered environment to stand alone? Current ... by sidekix24 Path Finder in Deployment Architecture 11-06-2016 0 1	0	1
How to add Search heads to default license Pool ? Hi Team, I am preparing a POC in which i have configured indexers to the default license pool . I have dev enterpris... by vikas_gopal Builder in Deployment Architecture 11-06-2016 0 6	0	6
How to use KV Store in a search head cluster? Hello I have a search head cluster with 3 peers. Now I want to use KV Store within that cluster, with \|inputlookup`\|l... by ehudb Contributor in Deployment Architecture 11-06-2016 0 1	0	1
KV Store - Is it one per Search Head Cluster or one in general? I'm having issues deploying the Win Infrastruture App - "Key Value store must be enabled" I have two Search Head Clu... by quihong Path Finder in Deployment Architecture 11-06-2016 0 1	0	1
Why is Nav Refresh not occurring on my search head captain? I have added the Nav contents in one search head (captain), used the refresh, and used Splunk restarts. But we're sti... by nravichandran Communicator in Deployment Architecture 11-05-2016 0 3	0	3
Solaris 10 Univ Fwdr install What is the correct file for installing to Solaris 10? splunkforwarder-4.3.1-119532-solaris-8-sparc.pkg.Z or splunkf... by Mark_Barrett Explorer in Deployment Architecture 11-04-2016 0 2	0	2
How to split this json become mutiple events? Hello I'm trying to split a Json file from FaceBook Graph API into multiple Events in the props.conf Here is the j... by blzaxe New Member in Deployment Architecture 11-04-2016 0 2	0	2
What is the recommended procedure to move an app from one Search Head Cluster to another SHC? I need to move a few apps from SHC1 to SHC2. My plan is below. Critique please! (SHC1 uses deployer Dply1, SHC2 Dply... by twinspop Influencer in Deployment Architecture 11-03-2016 1 2	1	2
Set forwarder to Ignore previous logs We have the forwarder installed on a RHEL server to pull the kern messages into Splunk. The requirement is Splunk sh... by Navanitha Path Finder in Deployment Architecture 11-03-2016 0 2	0	2
How do you get the bucket info (name/path) to use with coldToFrozen script The example coldToFrozen script that comes with splunk, requires the name and path of the bucket to be frozen. Once ... by bnolf Engager in Deployment Architecture 11-02-2016 0 1	0	1
How do I prevent my license master / Deploy Server / Management Console system from having the Indexer and Search Head roles I've followed the steps to configure my system to have my DS/LM box to be the Distributed Management Console as well.... by j4adam Communicator in Deployment Architecture 11-02-2016 0 2	0	2
Re-indexing aged-out data process? Dear All, We have a clustered-index Splunk 6.3 system where the administrators set the frozen time to a very low val... by BlueSocket Contributor in Deployment Architecture 11-01-2016 1 2	1	2