Deployment Architecture

Ask a Question

Discussions

Thread Info

How do you find the disabled user along with the availability of their respective adm-user?

We have 2 types of accounts in our organization useradm-user I can find the disabled users in the organization...

by Explorer in

Custom deployment app - separate configs for search heads and forwarders

This is my architecture: 1. A deployment server (DS) with apps within deployment-apps folder 2. Two search heads ...

by Explorer in

How to use Heavy Forwarder servers as a Deployment Server?

Is it possible to use Heavy Forwarder servers as a Deployment Server? Because we have a current implementation scenar...

by Path Finder in

Deployment Server Separate from Heavy Forwarder

Hi everyone, Our deployment consists of an on prem deployment server, on prem heavy forwarder and Splunk Cloud...

by Explorer in

why cluster master distribute an app instead of necessary conf files?

Hi According to the document here, cluster master distributes an app under indexer clustering environment. ht...

by Path Finder in

Can you see stats from the forwarder console from Linux CLI

Can you see stats from the forwarder console from Linux CLI instead?

by Communicator in

Can I download the forwarder with sha1?

Can I download the forwarder with sha1? I only see MD5 offered, but the BigFix script we have needs sha1.

by New Member in

Would Data Rebalance of Primary Cluster Buckets Work on RepFactor=1?

We have a 51-Node Index Cluster where we do not replicate Index bucket copies. We only have a primary copy of the buc...

by Path Finder in

Deployment Server Connection Errors

Greetings, I'm hosting a Splunk Deployment Server in a Kubernetes environment. When I'm using one replica, connect...

by Path Finder in

Certificate Template for a Server Cert

Hello, I have a Windows CA Server to sign my own requests. For the Web Certificate I have used the "Web Server" t...

by Engager in

Splunk is not indexing .gz files and returning gebrish results

Hi, I have some S3 access logs in S3 with .gz suffix which is not read by Splunk I am using AWS Add-On to col...

by Path Finder in

smart store : S3 bucket config on Splunk Cloud

I have a Splunk cloud and trying to find where to configure S3 Bucket info for smart store?

by New Member in

How to install Unified Forwarder Monitoring App for Splunk ?

Hello everyone I'm looking for how to monitor status of forwarders. I have seen this app " Unified Forwarder Monito...

by Explorer in

Automate Splunk configuration files backup on day basis

Hi, I'd like to automate Splunk config files backup process for every 24 hours. Is there any Apps/Scripts avail...

by Explorer in

I am getting a lot of Internal Server Error 500 with in an App

I created an app contain most of the required element include macro, lookup, navigator, UI, savedsearches, etc. howe...

by Explorer in

'Local side shutting down' error on a search head after applying shcluster bundle

Hello everyone,After adding some data to Splunk and running apply cluster bundle & apply shcluster bundle commands, s...

by Path Finder in

UF not sending data to HF on 9997

Hi How should I set TLS settings to compatible with HF or cert for Universal Forwarder to send data to HF because m...

by Explorer in

Search head returning no results from peer

I have a fairly basic deployment - one Search Head configured with two distributed search peers/indexers. Each peer i...

by Explorer in

Changing address of indexers for universal forwarders altogether

Hi, I want to know how we can change address of indexers for universal forwarders from deployment server as we have...

by Explorer in

How to assign a Splunk server multiple roles?

How to assign a Splunk server multiple roles? For example how can I assign my License Master to also be a Search head...

by Builder in

Restart order/procedure after updating server.conf with new master_uri & pass4SymmKey

Hi Guys, I have: 1 x Search Node1 x Master Node - 2 x Peer Nodes1 x Deployment Node I've updated the master_uri...

by Explorer in

Is the hybrid search head limited to 90 days

Hi, I recently completed the Splunk Cloud Admin course and it made mention that a Hybrid Search Head could be set u...

by Path Finder in

Precedence of log retention configuration

Hi Team,Our Splunk License is going to get expired and we are working to get a new license .Our current environment i...

by Observer in

Change deployment server IP on clients

Hi, I have bunch clients pointing to deployment server A, I need to make those clients to connect to deployment se...

by Path Finder in

How do I move 5 indexers (cluster 2) to our larger Index cluster (cluster 1)?

We have two index clusters, one has 5 indexers (cluster 2) and the other had 100+ indexers (cluster 1). We want t...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

How do you find the disabled user along with the availability of their respective adm-user?

Custom deployment app - separate configs for search heads and forwarders

How to use Heavy Forwarder servers as a Deployment Server?

Deployment Server Separate from Heavy Forwarder

why cluster master distribute an app instead of necessary conf files?

Can you see stats from the forwarder console from Linux CLI

Can I download the forwarder with sha1?

Would Data Rebalance of Primary Cluster Buckets Work on RepFactor=1?

Deployment Server Connection Errors

Certificate Template for a Server Cert

Splunk is not indexing .gz files and returning gebrish results

smart store : S3 bucket config on Splunk Cloud

How to install Unified Forwarder Monitoring App for Splunk ?

Automate Splunk configuration files backup on day basis

I am getting a lot of Internal Server Error 500 with in an App

'Local side shutting down' error on a search head after applying shcluster bundle

UF not sending data to HF on 9997

Search head returning no results from peer

Changing address of indexers for universal forwarders altogether

How to assign a Splunk server multiple roles?

Restart order/procedure after updating server.conf with new master_uri & pass4SymmKey

Is the hybrid search head limited to 90 days

Precedence of log retention configuration

Change deployment server IP on clients

How do I move 5 indexers (cluster 2) to our larger Index cluster (cluster 1)?

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

State of SIR in ServiceNow not capturing

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions