Deployment Architecture

Thread Info

Possible to control which attribute matching is performed on in serverclass?

The other day I noticed a subset of workstation based deployment clients had an app installed that was meant only for...

by Builder in

Splunk 5 Clustering: Indexes not seen In clustering dashboard on the master node

When looking at the clustering dashboard on the master node, only see the default indexes are listed in the index det...

by Splunk Employee in

Add second index cluster to search head

Hi all, Ill try and keep it short and to the point. We have a standalone search head that is currently connected...

by Explorer in

How to get the list of deployment client

Hi Folks, Could you please provide search query to get the list of deployment client from deployment server. Th...

by Explorer in

How to move db location of one Index in Indexer clustering

Hi, My requirement is to move DB location of only one Index but not all Indexes in the same indexer. Is it possible...

by Explorer in

Hardware Requirements for 30GB/Day

Hi, We are planning to move our Splunk environment to our Nutanix infrastructure. We expect our collected logs to b...

by Engager in

rebuild operation for multiple thawed buckets

I am trying to restore data from frozen buckets to Splunk indexer. If I restart the indexer after rebuilding every ...

by Explorer in

How to check replication status of any bucket in an indexer cluster?

Hi, How to check the replication status of any bucket with below details: Replication factor = 4 search factor ...

by Path Finder in

How to t-shoot long-running queries that fail with " auto-canceled/failed due to an error/DAG Execution Exception"?

I have a user that kicks off long-running queries and complains that he gets job failures. "DAG Execution Exception...

by Builder in

Why do I keep getting "free disk space reached" warnings with a smartstore IDX cluster?

Hi - I have a 4 idx cluster with smartstore. I keep seeing these warnings on all 4 idx members >>> Search pee...

by Builder in

Are there any advantages to having Indexes on Search Heads in an Index Cluster Environment?

Hi All I have limited experience with Splunk (just over a year) and I joined a new team with a pretty hefty Splunk...

by Contributor in

How to fix or recreate our deleted super user

Our Splunk instance was setup with a super user that has since been deleted. We do not know how to get back to the ro...

by Explorer in

Replacing an indexer in forwarder's outputs.conf using a deployment server

Can I remove an indexer from deployed forwarders' outputs.conf using the deployment server?

by Explorer in

Migration of Search head clustering

Hi All, We are migrating SHC members from old to new datacenter. There are total 3 members as a part of SHC. Plea...

by Explorer in

Serverclass using CSV

Hi All, I have a case where we want to Whitelist servers using a CSV or TXT file, I tried creating a simple CSV ...

by Engager in

Suggestion to Integrate tools into splunk without using Splunk addons

Hi @gcusello , Can you please guide me on the below.The requirement is like i need to integrate Bitbucket,B...

by Path Finder in

Is it possible to change default indexer IP on universal forwarders using Deployment Server?

Hi, We have multiple indexers within our Splunk infrastructure each receiving logs from Splunk Forwarders within t...

by Builder in

Datamodel Acceleration Consuming High Memory at certain times of the day

Hi Everyone, Our environment consists of an indexer cluster and independent SHs. ES runs on a single SH. We are see...

by Observer in

If I have more Indexes on one Peer Node in a cluster than the other, how can I rebalance them?

so in a simple four Splunk server test lab setup I have one Cluster Master, two Indexers, and one Deployment Server ...

by Contributor in

distsearch.conf can you link replicationBlacklist and dmc_group (peer groups)

in the distsearch.conf on our search head we can blacklist applications [replicationBlacklist]splunk_app1_black...

by Path Finder in

No spec file for: C:\Program Files\Splunk\etc\master-apps\_cluster\local\index.conf

I apologize in advance as variations of this question have been asked before and I Googled it to no end and I just do...

by Contributor in

Determine Host of Bucket Involved in Cluster Fixup Task

If you go to /manager/system/clustering_bucket_details in the Web Interface of the Cluster Master you will get a nice...

by SplunkTrust in

splunk add on builder or forwarder

Hi, I am SE for a company, for our customers, we have log files available via an URL API, ex https://logs.company.com...

by Explorer in

Azure Design Question

Greetings, I have an architectural question about an on-prem to Azure/AWS. It is a complex question, so I'll try to...

by Engager in

Token Error QSDK Rest API

Hi, I have created a script that authenticates via QSDK token and receiving the following message, Except...

by Observer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Deployment Architecture

Discussions

Possible to control which attribute matching is performed on in serverclass?

Splunk 5 Clustering: Indexes not seen In clustering dashboard on the master node

Add second index cluster to search head

How to get the list of deployment client

How to move db location of one Index in Indexer clustering

Hardware Requirements for 30GB/Day

rebuild operation for multiple thawed buckets

How to check replication status of any bucket in an indexer cluster?

How to t-shoot long-running queries that fail with " auto-canceled/failed due to an error/DAG Execution Exception"?

Why do I keep getting "free disk space reached" warnings with a smartstore IDX cluster?

Are there any advantages to having Indexes on Search Heads in an Index Cluster Environment?

How to fix or recreate our deleted super user

Replacing an indexer in forwarder's outputs.conf using a deployment server

Migration of Search head clustering

Serverclass using CSV

Suggestion to Integrate tools into splunk without using Splunk addons

Is it possible to change default indexer IP on universal forwarders using Deployment Server?

Datamodel Acceleration Consuming High Memory at certain times of the day

If I have more Indexes on one Peer Node in a cluster than the other, how can I rebalance them?

distsearch.conf can you link replicationBlacklist and dmc_group (peer groups)

No spec file for: C:\Program Files\Splunk\etc\master-apps\_cluster\local\index.conf

Determine Host of Bucket Involved in Cluster Fixup Task

splunk add on builder or forwarder

Azure Design Question

Token Error QSDK Rest API

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Does a props/transforms.conf Visio stencil exist?

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...