Deployment Architecture

Ask a Question

Discussions

Thread Info

Search Affinity Disabled on multisite cluster : Search results are incomplete

Hi, We have a multisite cluster with 1 indexer on each site with 1 SH on primary site. Currently, when search affin...

by Splunk Employee in

where i can get endgame Add on for Splunk enterprise 8.1.2

Hi Team, I am running Endgame API Add on 1.2.1 on my heavy forwarder(version 7.2.6). I am planning to upgrade H...

by Loves-to-Learn Lots in

Search head indexes.conf

Question regarding the indexes.conf on my search heads. Each index contains the paths to the home/cold/thawed directo...

by Path Finder in

migrate an existing indexer cluster to smart store

Hi everyone, Long story in short. I am planning to migrate our Splunk Cluster from public cloud to on-prem with a...

by Engager in

TA deployed with Deployment Server - Where can i make local changes?

Hi all, I have a TA deployed using the deployment server. The config files are deployed to different folders in bin...

by Path Finder in

Why is my 6.2 license slave not working with my 6.1.4 license master?

I have License master splunk version 6.1.4. I have now installed 6.2 version on some servers and these servers don't ...

by Splunk Employee in

How to group similar results from one field?

Hello! I'm hoping some Splunk masters can help me with what I thought would have been an easy task but I'm very much ...

by Path Finder in

Forwarder Management >> serverclass.conf not updating

All, Splunk 6.22 Using fowarder manager on my deployment server I created a good setup of apps and clients cla...

by Builder in

DB Connect not working with rising column

Good day! The databases are duplicated every time, and when using the "Rising Column" errors, various errors are disp...

by Loves-to-Learn in

Number of buckets report "unexpected mask=11 expected=0"

After failing over from the active cluster master to the redundant node (which holds the same configuration), 15 buck...

by Loves-to-Learn in

Why does Splunk Cloud have search head as standalone and not in a search head cluster ?

Why does Splunk Cloud have search head as standalone and not in a search head cluster ? How does Splunk engg team m...

by Contributor in

Monitor logs of WAN network

I am connected inside a WAN network that has WiFi APN, LAN cables and all work in same network. Network has router an...

by New Member in

Bundle replication response code 500

We have a Splunk Ent. 7.0.2 Search head cluster. We are seeing errors like below. Search peer splunksh-01 has the ...

by Path Finder in

This keeps appearing in my search head: "Problem Replicating config (bundle) to search peer x.x.x.x:8089, error while transmitting bundle date."

I have been receiving the message mentioned above for a few weeks, so I decided to check my splunkd.log file. (2) err...

by Communicator in

High IO on 2/33 indexers brought down whole cluster

So, 2 of our indexers sometime have very high I/O due to a known issue, but this is causing index queueing on all ou...

by Path Finder in

AWS Elastic Beanstalk Failing to Set Up Splunk Universal Forwarder User

I'm attempting to set up my AWS Elastic Beanstalk instance to also run Splunk Universal Forwarder on it and forward d...

by Explorer in

[<indexer hostname>] Timed out waiting for peer <indexer hostname>:ingest_pipe=1

HiWe are using splunk version 8.1.0 in cluster mode , in my environment we have this components:Nginx load load balan...

by Observer in

Splunk memory usage

Hello Splunk community, We are facing memory issues with our Splunk. Problem is connected with the installation of ...

by Observer in

The minimum free disk space (5000MB) reached, solve by increasing disk space in Linux?

Hi, Recently I encountered the issue "The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/...

by Path Finder in

Can I undo "| delete"?

So, I ran | delete on the wrong query. ooopz. Per the various docs I've poured through, it seems that warm directorie...

by Explorer in

How splunk create a checksum for each deployment app bundle?

Aside, from how splunk create a checksum for each deployment app bundle. Is there command via linux CLI that you can ...

by Explorer in

Automatic client deletion in deployment server (similar to manual "delete record" option).

Hi all, Is there a way to automatically delete some clients/hosts from the deployment servers based on a certain cri...

by Engager in

Could not contact master. Check that the master is up, the master_uri= ------------------- and secret are specified c

Could not contact master. Check that the master is up, the master_uri= https://10.32.20.7:8089 and secret are speci...

by New Member in

Confusion around wording in SVA on indexer storage architecture

I am currently assessing the options for indexer storage architecture. I was reading the SVA and it had below stat...

by Contributor in

How much compression do I achieve when I enable TLS between a UF and IDX

Hello, I am playing around with enabling TLS in the chatter between the UF and the IDX and all is working well. I ...

by Path Finder in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Search Affinity Disabled on multisite cluster : Search results are incomplete

where i can get endgame Add on for Splunk enterprise 8.1.2

Search head indexes.conf

migrate an existing indexer cluster to smart store

TA deployed with Deployment Server - Where can i make local changes?

Why is my 6.2 license slave not working with my 6.1.4 license master?

How to group similar results from one field?

Forwarder Management >> serverclass.conf not updating

DB Connect not working with rising column

Number of buckets report "unexpected mask=11 expected=0"

Why does Splunk Cloud have search head as standalone and not in a search head cluster ?

Monitor logs of WAN network

Bundle replication response code 500

This keeps appearing in my search head: "Problem Replicating config (bundle) to search peer x.x.x.x:8089, error while transmitting bundle date."

High IO on 2/33 indexers brought down whole cluster

AWS Elastic Beanstalk Failing to Set Up Splunk Universal Forwarder User

[<indexer hostname>] Timed out waiting for peer <indexer hostname>:ingest_pipe=1

Splunk memory usage

The minimum free disk space (5000MB) reached, solve by increasing disk space in Linux?

Can I undo "| delete"?

How splunk create a checksum for each deployment app bundle?

Automatic client deletion in deployment server (similar to manual "delete record" option).

Could not contact master. Check that the master is up, the master_uri= ------------------- and secret are specified c

Confusion around wording in SVA on indexer storage architecture

How much compression do I achieve when I enable TLS between a UF and IDX

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

State of SIR in ServiceNow not capturing

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions