Deployment Architecture

Ask a Question

Discussions

Thread Info

Indexer colddb filesize increase- Will this cause issues?

Lets say my colddb space is 15TB and volume datasize is 20TB as below (indexer.conf) what will be issues it may caus...

by Observer in

Multisite replication factor issues

Hi all, I'm testing multisite indexer clustering with below configuration and found an undesired behaviour in the c...

by Path Finder in

DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected"

We have a client that connected to Splunk Deployment server where we get an error "DC:DeploymentClient - channel=tena...

by Explorer in

Newly added forwarder not listing in clients (Forwarder management)

Hi Splunk support, I recently added my second forwarder. Everything was perfectly done. Only one thing is, the newl...

by Loves-to-Learn Lots in

Make the master node return the FQDN of peers instead of IP Address

Hello all, So, we ran into (yet) another issue with Splunk... We have provisioned: - 1 Cluster Manager/ Dep...

by Explorer in

We set up a new role, however users with the role are not able to access index

We have a problem when users try to query a specific index. They can query all of other indexes from this role...

by Splunk Employee in

Getting error while pushing configuration bundle action from cluster master "[Critical] idx=ad_data_enrichment Volume s"

We are trying to push cluster bundle from cluster master to other indexers. We are getting the following error in t...

by Explorer in

Integration - On-Prem Splunk to Cloud WAF?

Hi, Anyone tried having this kind of integration where an ON-prem Splunk will be integrated to a cloud waf? Clo...

by Observer in

Disabling KV store

I wanted to read up on which roles does need the KV store, which might and wich do not. In the Admin Manual under A...

by Explorer in

Splunk Migration from us-east1 to ca-central?

Hi, We are in the process of migrating our indexes/alerts/reports/dashboards from us-east1 to ca-central1 and I would...

by New Member in

Input.conf issue monitoring same directory multiple times

I have a inputs.conf where it will monitor all the files from a folder [monitor:///mydata/my_folder/ToSplunk/*.(mylog...

by Path Finder in

Can't select timestamp field on DB Connect App?

Hi, we are trying to configure a MSSQL query in DB Connect App. Some how we are not be able to select timestamp field...

by Path Finder in

Getting a failed to join cluster error from an indexer after an inadvertent IP change (and change back), but the CM reports the indexer is joined and healthy. How to fix?

Indexer was running normally yesterday. We offlined it, and after maintenance, rebooted it. When it came back up, it ...

by Influencer in

Failed to Register with Cluster Master

WARN CMSlave - Failed to register with cluster master reason: failed method=POST path=/services/cluster/master/peers/...

by Path Finder in

Getting an Error setting up Clustering

I am attempting to create a cluster but I am receiving an error when I attempt to add a peer (any peer for that matte...

by Path Finder in

[9.0.3+] Invalid file path /proc/1/cgroup while checking container status

After upgrade from 8.2.4 to 9.0.4.1 forwarders connect to indexers then after the Indexer cluster gets stabilized. Al...

by Splunk Employee in

How to get a list of search heads in my Splunk environment?

Hi, I am relatively new to Splunk and I would like to know how to find out what are the number of "Search Heads" o...

by Engager in

Deployment Client Sending Logs to Backup Log Collector

Hello, I have a question regarding forwarding and receiving in Splunk. Can I configure the deployment client to se...

by Explorer in

Change frozenTimePeriodInSecs of an existing indexes

Hello Splunkers,I would like to change the value of frozenTimePeriodInSecs for one of my existing indexes. What sho...

by Contributor in

What are my options to track the captain switch over time in a search head cluster?

I have a 6 node Search Head Cluster deployment. What are my options to figure out the Captain switch over time?

by Splunk Employee in

Is there a way for HF double forward to Splunk On-Prem and Cloud?

Hi all, In our infrastructure we are integrating a heavy forwarder belonging to another company.We would need this...

by Explorer in

What is the max recommended of indexes on a single indexer in AWS?

Hello Community, I am looking at deploying Splunk Enterprise on AWS on a HEFTY EC2 compute-optimized instance, an...

by Path Finder in

How to delete a bucket stuck in "fixup tasks - In Progress" server side?

Hello I currently have a bucket that is stuck in "fixup tasks - in progress" tab for a while. Is there any way to ...

by Path Finder in

Why does Search peer have the following message: Failed to make bucket = searchable?

Hello, I'm checking a Splunk cluster install that has been working just fine for a while. However, a few weeks ago...

by Explorer in

How do I fix this error: WARN BucketReplicator - Failed to replicate Streaming bucket?

We have 8-node indexer multi-site cluster with total of 2 sites (each site with 4 indexers) Site 1 -SITE1IDX01SITE...

by Loves-to-Learn Everything in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Indexer colddb filesize increase- Will this cause issues?

Multisite replication factor issues

DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected"

Newly added forwarder not listing in clients (Forwarder management)

Make the master node return the FQDN of peers instead of IP Address

We set up a new role, however users with the role are not able to access index

Getting error while pushing configuration bundle action from cluster master "[Critical] idx=ad_data_enrichment Volume s"

Integration - On-Prem Splunk to Cloud WAF?

Disabling KV store

Splunk Migration from us-east1 to ca-central?

Input.conf issue monitoring same directory multiple times

Can't select timestamp field on DB Connect App?

Getting a failed to join cluster error from an indexer after an inadvertent IP change (and change back), but the CM reports the indexer is joined and healthy. How to fix?

Failed to Register with Cluster Master

Getting an Error setting up Clustering

[9.0.3+] Invalid file path /proc/1/cgroup while checking container status

How to get a list of search heads in my Splunk environment?

Deployment Client Sending Logs to Backup Log Collector

Change frozenTimePeriodInSecs of an existing indexes

What are my options to track the captain switch over time in a search head cluster?

Is there a way for HF double forward to Splunk On-Prem and Cloud?

What is the max recommended of indexes on a single indexer in AWS?

How to delete a bucket stuck in "fixup tasks - In Progress" server side?

Why does Search peer have the following message: Failed to make bucket = searchable?

How do I fix this error: WARN BucketReplicator - Failed to replicate Streaming bucket?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Does a props/transforms.conf Visio stencil exist?

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions