Deployment Architecture

Community Activity

Sending splunk data through a dlp to a heavy forwarder Got a customer wanting the UFs to send data to the forcepoint DLP and then to the intermediate heavy forwarder. The r... by jcgever Explorer in Deployment Architecture 11-21-2023 0 1	0	1
How to troubleshoot the applied regex in the server Hi,I had blacklisted the "(?:ParentProcessName).+(?:C:\\Program Files\\Windows Defender Advanced Threat Protection\\)... by AL3Z Builder in Deployment Architecture 11-21-2023 0 17	0	17
What are the best practices for creating and distributing apps to UF from a DS in a Splunk Cloud scenario? I have a Splunk Cloud instance where we send logs from servers with the Universal Forwarder installed. All UF are man... by pvarelab Path Finder in Deployment Architecture 11-21-2023 0 3	0	3
increase search performance in clustered environment Hi allI created an environment with following instances:cluster masterthree search headsfour indexersheavy forwarderl... by sigma Path Finder in Deployment Architecture 11-19-2023 0 2	0	2
Heavy Forwarder Instance How Do I get the instance for heavy forwader for my vm box for set up. Is the UF instance differ from HF instance? by blkscorpio Observer in Deployment Architecture 11-18-2023 0 6	0	6
buckets - hot/warm and cold on 2 separate volumes if we configure a fast volume for hot/warm and slower spindles for cold and set maxVolumeDataSizeMB to enforce sizes.... by smithy001 Explorer in Deployment Architecture 11-15-2023 0 5	0	5
Search and Federated Search compression ratio Hello,Supposing you have a Search Head in Cloud, doing Federated Searches to other Search Heads on-prem, which is the... by edoardo_vicendo Builder in Deployment Architecture 11-14-2023 0 3	0	3
default_namespace on SHC I have created an app for a team that I work with, and have set up mapping from our SAML auth so that the people on t... by clayraed Loves-to-Learn in Deployment Architecture 11-10-2023 0 0	0	0
Error in 'where' command: The expression is malformed Splunkd error Hi TeamGetting this error message frequently in internal logs of Splunk.Error in 'where' command: The expression is m... by spl10 Explorer in Deployment Architecture 11-09-2023 0 1	0	1
how to enable initialized flag in search head cluster Hi,we have deployed a search head cluster with two search head and one deployer.when we run : /opt/splunk/bin/splunk ... by maede_yavari Explorer in Deployment Architecture 11-08-2023 0 2	0	2
cluster master and deployment server in the distributed Splunk environment cannot be logged in via the GUI a problem where the cluster master and deployment server in the distributed Splunk environment cannot be logged in vi... by Bisho-Fouad Explorer in Deployment Architecture 11-06-2023 0 14	0	14
Why is the index size much larger than the actual data by 3x to 4x? Index Size is 5.3G vs 1.6G Raw Data:Raw data Index on Splunk This is also affecting our licensing plans as well. Thi... by red2play Loves-to-Learn in Deployment Architecture 11-03-2023 0 1	0	1
IOWAIT alert One the search head that our SOC uses, i get the following:IOWaitSum of 3 highest per-cpu iowaits reached red thresho... by FPERVIL Explorer in Deployment Architecture 11-01-2023 0 1	0	1
failed_because_BUNDLE_DATA_TRANSMIT_FAILURE Dear Team, We have a cluster step up where 3 search head(cluster) , 3 indexer(cluster),1 index master,1 deployer, 1 ... by Venkataraman Engager in Deployment Architecture 10-31-2023 0 5	0	5
Universal forwarder on intranet environment Hi All,Our scenario is like, in our AWS environment ,we want to collect our logs by using universal forwarder from ou... by shriramwasule New Member in Deployment Architecture 10-31-2023 0 2	0	2
what is best practices for managing multiple index Hello,we have a data center with several type of equipment such as servers, switches, routers, EDR, some IOT Sensors,... by maede_yavari Explorer in Deployment Architecture 10-30-2023 0 7	0	7
With out Cluster master, set up High availability server. Hi team, My project Zone 1 have Deployment server , HF and (SH+Indexer)Zone 2 also Deployment server ,HF and (SH+... by vijreddy30 Loves-to-Learn Everything in Deployment Architecture 10-27-2023 0 1	0	1
Regarding Splunk license on 2 data centers Hello All, We are setting up a Splunk enterprise multisite cluster, and i was wondering can we have 2 license master,... by dhana22 Explorer in Deployment Architecture 10-26-2023 0 1	0	1
Co-locate the deployment server with other splunk HF Hi All,We have approximately 100 Splunk Universal Forwarders (UFs) installed at a remote site, and we're interested i... by VK18 Explorer in Deployment Architecture 10-26-2023 0 4	0	4
Issue with the splunk reload deploy-server Hello,Upon attempting to execute the command $SPLUNK_HOME/bin/splunk reload deploy-server following the update of app... by AL3Z Builder in Deployment Architecture 10-24-2023 0 1	0	1
Implement Splunk high availability servers Hi All, Currently Development zone-1 HF and( SearchHead+Indexer ) single instanceQA -HF,Deploymentserver and Deployme... by vijreddy30 Loves-to-Learn Everything in Deployment Architecture 10-23-2023 0 4	0	4
Multisite Indexer Cluster Replication Port Hi at all,I have to configure a multisite Indexer Cluster and I have a dubt:in the Splunk architectig course, the ind... by gcusello SplunkTrust in Deployment Architecture 10-20-2023 0 3	0	3
Migrate indexer database to new cluster Hello, all!Im hopefully looking for an ELI5 (explain like im 5) on the best way to migrate indexer cluster database t... by Darthsplunker Path Finder in Deployment Architecture 10-19-2023 1 3	1	3
SF & RF doesn't meet after removing indexer from cluster I have a bucket in fixup tasks in indexer cluster-> bucket status, its been struck. Both SF & RF. So, both SF and RF... by sandeepreddy947 Path Finder in Deployment Architecture 10-18-2023 0 2	0	2
Why are RF and SF not met? Been having trouble with my indexers but everything is fine now and up. But now my RF and SF are still not been met. ... by woodlandrelic Path Finder in Deployment Architecture 10-18-2023 0 7	0	7