Deployment Architecture

Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
philip_wong

Can we disable rolling restart for Search Head Clustering?

We have an internal built application management tool to start Splunk and monitor it's process status. Search Head Cl...
by philip_wong Communicator in Deployment Architecture 07-17-2015
1 5
1
5
NickCorbettAt

Can I tell Hunk to combine 3 different folders in an S3 bucket into a single Virtual Index?

Hi I am using Hunk on Amazon EMR. My source data is in 3 different folders in an S3 bucket. Can I tell Hunk to com...
by NickCorbettAt Explorer in Deployment Architecture 07-17-2015
0 10
0
10
mfrost8

Search head clustering across a WAN?

We're planning the move from search head pooling to search head clustering. With pooling we were limited by where w...
by mfrost8 Builder in Deployment Architecture 07-15-2015
0 4
0
4
tjj9309

What is the best practice for organizing indexes for multiple environments of an application such as dev, QA, and prod?

What is the best practice for organizing indexes for multiple environments of an application such as dev/qa/prod? Is...
by tjj9309 Engager in Deployment Architecture 07-14-2015
0 2
0
2
varungudimetla

Can a deployment server be a deployment client?

07-13-2015 22:48:43.881 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshak...
by varungudimetla Observer in Deployment Architecture 07-14-2015
0 1
0
1
DFresh4130

Seeing old splunk search pids

We have a simple splunk installation where the indexer and server process reside on the same box. When I do a ps -ef...
by DFresh4130 Path Finder in Deployment Architecture 07-13-2015
0 7
0
7
rana_nour

Using the bucket command, why doesn't one bucket range appear?

I have a search that categorizes results according to the response time and buckets them in 1000. I have 0-1000 and 1...
by rana_nour Explorer in Deployment Architecture 07-13-2015
0 3
0
3
sat94541

splunkd and splunkweb are up for a cluster peer, but why is it repetitively downloading the cluster bundle with the following errors?

We have clustered environment Version : v6.1.1 1 x CM (Multi-Site, rf=2, site_rf=origin:1,site1:1,site2:1,total:2,...
by sat94541 Communicator in Deployment Architecture 07-12-2015
1 1
1
1
RecoMark0

Possible to add linux search peer with Putty key and without username or password?

Hello, I am trying to add another search peer to my search head, through the Settings > Distributed Search menu. I d...
by RecoMark0 Path Finder in Deployment Architecture 07-09-2015
1 4
1
4
JabawokJayUK

Migrating to a distributed search architecture, is it required to change the distributed management console from standalone to distributed?

We are migrating from 2 x split indexers (standalone) instances to 2 x split indexers and a dedicated search head / ...
by JabawokJayUK Engager in Deployment Architecture 07-09-2015
0 12
0
12
shandman

Deployment Server vs. Deployer

I am having a hard time trying to understand the difference between the two. I wonder if Splunk can make future name ...
by shandman Path Finder in Deployment Architecture 07-09-2015
3 3
3
3
hagjos43

Moving from a single indexer/search head to indexer clustering, does the master node have to be a separate server, or can I use the deployment server?

Good morning. We are (finally) looking to upgrade and add a second indexer in the mix. Our current setup is the foll...
by hagjos43 Contributor in Deployment Architecture 07-09-2015
0 8
0
8
mvishal

More than 100 “EventID=8306 sourcetype="xyz"” in 15 minutes on an individual host base

i want an alert setup in splunk for 100 occurrence of event id 8306 per host for sourcetype "xyz" in 15 minutes.. C...
by mvishal Explorer in Deployment Architecture 07-08-2015
0 1
0
1
mmensch

Has anyone scaled Splunk across a multisite deployment? How has it worked out for you and are there capacity planning tips?

Hello, I am trying to start a new Splunk project. I have 3 sites across the U.S. I would like to implement Splunk. E...
by mmensch Path Finder in Deployment Architecture 07-07-2015
0 8
0
8
harrymclaren

Why are my 3 search heads in a search head clustering environment filling up the directory "/opt/splunk/var/lib/splunk/kvstore/mongo"?

I'm currently building out a Splunk environment and could do with some help. The three search heads (clustered) are...
by harrymclaren Explorer in Deployment Architecture 07-07-2015
1 3
1
3
gmark

How to Get Edits to "Take"?

I've used the information previously posted to manually update some XML files in an application and then to restart s...
by gmark Explorer in Deployment Architecture 07-02-2015
0 1
0
1
Branden

Host-specific files with Deployment Server

Hi. After getting tired of managing 20 individual lightforwarders and one indexer, I've decided to make use of the De...
by Branden Builder in Deployment Architecture 07-01-2015
1 5
1
5
philip_wong

Can we enable shared KV store with Search Head Pooling (not clustering)?

We're not ready to apply Search Head Clustering yet, but we're on Search Head Pooling now. Can we apply KV store quic...
by philip_wong Communicator in Deployment Architecture 06-30-2015
0 3
0
3
pramit46

Why does the bucket command show 3 rows when bin=4, but 1 row when bin=3?

when I use the following: index= _internal | bucket size bins=3 |stats count(_raw) by size I see: size----------...
by pramit46 Contributor in Deployment Architecture 06-30-2015
0 4
0
4
ben_leung

Is there a curl command to execute a rolling restart in a search head cluster?

From the docs http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/RestartSHC One has to identify the search...
by ben_leung Builder in Deployment Architecture 06-29-2015
1 2
1
2
mciudad

How to update the search head configuration from the cluster master?

I'm trying to update the configuration of all the peers from my cluster master. With the indexers, it's eash to put t...
by mciudad Explorer in Deployment Architecture 06-29-2015
0 1
0
1
darshan_singh01

Why are we getting "Replication factor not met" in our multisite indexer clustering environment?

We have configured multisite indexer clustering (2 peers at each site1/2 and one search head at site 1) with the belo...
by darshan_singh01 Path Finder in Deployment Architecture 06-28-2015
0 7
0
7
sj0man

Splunk DB connect: How to change maximum size per event

Environments: Windows Server 2008 R2, Splunk 6.2.3, DB connect 1.2, JRE8, MSSQL There are some events of more than 1...
by sj0man Engager in Deployment Architecture 06-28-2015
0 2
0
2
jordanperks

If I have a replication factor of 3, when data rolls to frozen, will it store 3 copies of the same frozen bucket?

I have been searching for hours and have, so far, come up empty. If I have a RF=3 and SF=3, when data rolls to my fro...
by jordanperks Path Finder in Deployment Architecture 06-26-2015
0 3
0
3
agodoy

Server.conf serverName variables

I am trying to develop a standardized version of server.conf to deploy to all my forwarders. In a Windows environmen...
by agodoy Communicator in Deployment Architecture 06-26-2015
0 1
0
1
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...