Deployment Architecture

Community Activity

Splunk Periodic Cleanup Activities With Splunk for Windows and Splunk Enterprise Security. Are there specific periodic maintenance tasks that need to be... by tk111 Engager in Deployment Architecture 06-03-2021 0 3	0	3
Some cost calculation by counting the number of characters per line and grouping We want to work on some cost calculation by counting the number of characters per line and grouping the size per cust... by anil1432 Explorer in Deployment Architecture 06-01-2021 0 2	0	2
What should we do with the replication factor when half of the indexers are off? Half of the eight indexers will be off for potentially a day, so we'll have four indexers available for that time. Ou... by danielbb Motivator in Deployment Architecture 06-01-2021 0 1	0	1
Splunk does not switch to another index group when one fails Hi,I have the following outputs.conf on my Splunk Heavy Forwarder: defaultGroup = indx1 [tcpout:indx1] server=1.1.1.... by termcap Path Finder in Deployment Architecture 05-31-2021 0 4	0	4
NON CLUSTER INDEXERS ONE SEARCH HEAD - WHERE DO I UPDATE PROPS.CONF I inherited a one SH and 2 indexers , 1 LM, one Deployment server supporting forwarders.I have too on board data and... by jcorcoran508 Path Finder in Deployment Architecture 05-28-2021 0 3	0	3
Can Splunk send message to IBM Websphere MQ? Good day!I want to know if it's possible to use splunk as a recovery option?this means that Splunk will be sending me... by chiennylin New Member in Deployment Architecture 05-27-2021 0 0	0	0
What the best architecture for Head Office and Branch Office? Hello!We have two offices: Head and Branch. The Head office has a Splunk infrastructure (Enterprise Security), which ... by ipl New Member in Deployment Architecture 05-26-2021 0 1	0	1
List of possible reasons for hot buckets rolling to warm ("caller"?) We have been getting messages about high percentage of small buckets. I set logging to DEBUG on one of our indexers ... by mosmond Engager in Deployment Architecture 05-24-2021 1 3	1	3
HEC Log Drop During Bundle Reload Hi Splunkers,Good day. My HEC tokens are currently configured in the Indexer Cluster, and during Indexer Bundle Push ... by arielpconsolaci Path Finder in Deployment Architecture 05-23-2021 0 0	0	0
Implementing Splunk in PCI environment with Multiple PCI Zones One of our customer is looking to setup a SOC with a SIEM solution and they want to monitor and manage multiple PCI z... by Dograv New Member in Deployment Architecture 05-21-2021 0 1	0	1
How to produce empty time buckets In order to perform fast Fourier transform (FFT), I need data from equal time intervals. Here is my first attempt: \|... by yuanliu SplunkTrust in Deployment Architecture 05-21-2021 1 17	1	17
SHC - failed on handle async replicate request I have noticed something odd in a SHC deployment. Im consistently seeing "SHCMasterArtifactHandler - failed on handle... by ahartge Path Finder in Deployment Architecture 05-20-2021 2 3	2	3
Indexer cluster in different datacenters Hi splunk community,In my environment I have 1 indexer each in 2 different datacenters, 1 searchhead, 1 clustermaster... by d_lim Path Finder in Deployment Architecture 05-20-2021 0 0	0	0
[SHClustering] one of 3 Searchheads is not starting after apps pushed to the members. pushed apps to the search head cluster to 3 Searchheads 2 of them working good but one searched URL is not accessible... by sylim_splunk Splunk Employee in Deployment Architecture 05-19-2021 0 1	0	1
Duplicate events in every index I can see that we are having duplicate events in every index, query used to identify the duplicate events:index=* \|ev... by snsaxena Loves-to-Learn Lots in Deployment Architecture 05-19-2021 0 0	0	0
Python Versions in Splunk 8.0 Hello Splunkers!Wish You are safe and healthy from this pandemic.I am using Splunk 8.0 Version, because it gives the ... by sarvesh_11 Communicator in Deployment Architecture 05-18-2021 0 7	0	7
Debugging app deployment to AWS cluster Hello, I have an on-prem Splunk cluster and an AWS cluster. Each one has its own indexers and clustermaster, though o... by dave_null Path Finder in Deployment Architecture 05-18-2021 0 0	0	0
Error "Search auto-canceled" after upgrading to OEL7 I am getting an error "Search auto-canceled" after upgrading to OEL7 on search file.05-18-2021 14:15:40.913 INFO... by shreya17 Explorer in Deployment Architecture 05-17-2021 1 0	1	0
[smartstore] splunk smartstore and Data integrity This question has come up a few times, how does Splunk handle data integrity in large ES implementation. On Splunk do... by rbal_splunk Splunk Employee in Deployment Architecture 05-14-2021 0 2	0	2
ERROR DispatchReaper - Failed to reap We had to restore the Splunk indexer from a backup, loosing the 'colddb'. I now see the folowing ERROR in splunk.log,... by scheckenbachb Explorer in Deployment Architecture 05-13-2021 0 2	0	2
What type of restart happens during a normal indexer cluster rolling restart? When an indexer is restarted during a normal rolling restart, does it shutdown via the `offline` method? Or does it d... by muebel SplunkTrust in Deployment Architecture 05-11-2021 0 0	0	0
Splunk free - setting up a distributed environement (Search Head, 1 IDX, 1 UF, maybe a deployment server) Hey Splunksters,My work environment is switching from Windows (large distributed enviro) to Linux pretty soon.I'd lik... by spluzer Communicator in Deployment Architecture 05-07-2021 0 4	0	4
How do you find the disabled user along with the availability of their respective adm-user? We have 2 types of accounts in our organization useradm-user I can find the disabled users in the organization, bu... by deepak007 Explorer in Deployment Architecture 05-06-2021 0 4	0	4
Custom deployment app - separate configs for search heads and forwarders This is my architecture:1. A deployment server (DS) with apps within deployment-apps folder2. Two search heads (SH)3.... by alekwisnia Explorer in Deployment Architecture 05-05-2021 0 1	0	1
How to use Heavy Forwarder servers as a Deployment Server? Is it possible to use Heavy Forwarder servers as a Deployment Server? Because we have a current implementation scenar... by jfeitosa_real Path Finder in Deployment Architecture 04-30-2021 0 12	0	12