Deployment Architecture

Ask a Question

Discussions

Thread Info

Data Feed Status in splunk: How I would know when the last time data came in under any index/sourcetype?

Hello, How I would know when the last time data came in under any index/sourcetype? I have one query (see below)...

by Motivator in

Configured inputs to monitor a file path but no events visible in Splunk

Hi All, I have configured inputs to monitor a file path but no events visible in Splunk. Checked internal ...

by Path Finder in

Splunk Query to get all configured DB Connections and their associated index/sourcetypes inSPLUNK

Hello, Are there any queries I can run from SPLUNK search head to find: 1. all configured DB Connections and thei...

by Motivator in

Why are the mask changes failing?

Hello We recently migrated our CM to a new clean host. After migration almost everything is good but I have a few e...

by Communicator in

Why are we experiencing this Splunk Permission Error

Hello, Noticed my Indexer was down and I could not sign in. Went to restart splunk as sudo then root user an...

by Path Finder in

How do I configure deployment server where I have a main or master server that has apps it pushes to its clients?

How do I configure deployment server where I have a main or master server that has apps it pushes to its clients and ...

by Explorer in

Splunk KV Store setup in a Search head Cluster

Hi, I having an issue with setting up my search head cluster environment. I have a stand alone deployment serve...

by Loves-to-Learn Everything in

How multisite SH clusters work

I have a multisite cluster with 3 sites . Which is having 6 indexers as peer nodes clustered across the 3-sites (2 in...

by Explorer in

What will be the Impact of scaling up a multisite indexer cluster?

Hi ,I have a multisite indexer cluster (3 sites , 2 indexers each, total 6 indexers) . we have kept - site_replicatio...

by Explorer in

Extract fields on the Heavy Forwarder

hello, Please I need to know how can I extract field in the heavy forwarder?I try by adding the extract stanza in th...

by Path Finder in

Indexers mixed with sas-2 and sas-3

Good day, I am managing an infrastructure that currently has both sas-2 and sas-3 hard drives mixed in with the OS ...

by Path Finder in

When Migrating from Splunk DBv2 Connect to DBv3

The new DBv3 doesn't like inline comments (--) in the SQL query you must update the query to user multi-line comment...

by Engager in

What are the next steps to prep servers for retirement?

We have a distributed search environment, with 2 very old indexers (the original servers) and 3 new indexers in a clu...

by Explorer in

Filtering syslog logs before indexing- What are the hardware requirements?

Hello Community, I have distributed environment with 2 indexers (each has 48 vCPU, 64gb RAM), which are ingesting ...

by Engager in

Why is reload deploy failing on SSO enabled system?

Hello Splunkers, I'm facing an authentication issue with my splunk instance during the App deployment. ...

by Explorer in

Why are there missing clients under forwarder management after upgrading Search Head from 8.0.4 to 8.1.9?

Hello, This is my first time asking a question on here, so apologies if there's some format to follow. My work ce...

by Path Finder in

Skipped search - Is it possible to have skipped reports due to the nobody user?

I am having a lot of skipped reports - but I think it is due to the nobody user. Increasing the system setting in ...

by Influencer in

What are the differences between “Automation Testing - Synthetic Transactions” app and “Splunk Synthetic App”?

What is the difference between these two and is there documentation on how to set them up and use them? We are lookin...

by New Member in

Could anyone help with the process of tracking down how this data is being brought into that index?

I upgraded the Heavy Forwarders in my environment to Splunk enterprise 8.2.5 and figured out today on the day of upgr...

by Engager in

How to forward from stand-alone server to an index cluster

Sounds easy, eh? I've been using Splunk since v3 -- and I've setup forwarding for servers dozens of times, and migrat...

by Communicator in

What happens if you forward the data from Heavy Forwarder to Universal Forwarder

Have anyone tried sending data from HF to UF? I know it's a stupid question.  And I know it's not going to work...

by SplunkTrust in

How to do Splunk Deployment for Multiple Sites?

Hello Experts Please do not route to Splunk PS or Partner help. i want to do it by myself but with help of you exp...

by Explorer in

Where is splunk installed on Linux?

I am trying to create a package for my app. I am using a linux server where splunk is installed. as i got the informa...

by Explorer in

Why did Windows UF stopped running scripted inputs from DS?

Hello, Thank you for taking the time to consider my question/situation. I am working on removing static deploymen...

by Path Finder in

How to measure approximately the source device is generating how much number of data that i need to ingest in splunk?

Dears I need an advice from experts who have past experience on splunk, Please do not advise for splunk profession...

by Explorer in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Data Feed Status in splunk: How I would know when the last time data came in under any index/sourcetype?

Configured inputs to monitor a file path but no events visible in Splunk

Splunk Query to get all configured DB Connections and their associated index/sourcetypes inSPLUNK

Why are the mask changes failing?

Why are we experiencing this Splunk Permission Error

How do I configure deployment server where I have a main or master server that has apps it pushes to its clients?

Splunk KV Store setup in a Search head Cluster

How multisite SH clusters work

What will be the Impact of scaling up a multisite indexer cluster?

Extract fields on the Heavy Forwarder

Indexers mixed with sas-2 and sas-3

When Migrating from Splunk DBv2 Connect to DBv3

What are the next steps to prep servers for retirement?

Filtering syslog logs before indexing- What are the hardware requirements?

Why is reload deploy failing on SSO enabled system?

Why are there missing clients under forwarder management after upgrading Search Head from 8.0.4 to 8.1.9?

Skipped search - Is it possible to have skipped reports due to the nobody user?

What are the differences between “Automation Testing - Synthetic Transactions” app and “Splunk Synthetic App”?

Could anyone help with the process of tracking down how this data is being brought into that index?

How to forward from stand-alone server to an index cluster

What happens if you forward the data from Heavy Forwarder to Universal Forwarder

How to do Splunk Deployment for Multiple Sites?

Where is splunk installed on Linux?

Why did Windows UF stopped running scripted inputs from DS?

How to measure approximately the source device is generating how much number of data that i need to ingest in splunk?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

How to install Splunk UF to AIX ?

Splunk Intermediate Forwarder Setup

CMMC Version 2.0

Stream forwarder only works when running as root

Search Cluster Overwriting etc/system/local/inputs...