Deployment Architecture

Start a Conversation

Discussions

Start a Conversation

Thread Info

why is /opt/splunk/var/run/splunk/cluster/search-buckets filling up?

Indexer '/splunk/var/run/splunk/cluster/search-buckets/ ' Files are still piled up. What is the purpose of the fil...

by New Member in

SSL configuration causing Mongo issues

Hello, I was hoping for some additional thoughts, after I updated my Search Head to use custom certs I started get...

by Explorer in

Replication Fector and Search Artifact

Can some one pleace explain me the replation between Replication Fector and Search Artifact.

by Explorer in

Splunk Architecture in own words

Hello, Now that I am done with the exam, I want to explain Splunk Architecture in my own understanding elements. Kind...

by Communicator in

After upgrading my Indexer Cluster to 8.0.1, why is the replication status "pending"?

I have two indexers in my Splunk environment running in the cluster mode. After upgrading the Splunk cluster from ver...

by Explorer in

How to discover if a search head cluster captain is static, dynamic, using CLI, or .conf files

How can I figure out that in established SHC showing captain is static or dynamic, using CLI or .conf files? I mean w...

by Explorer in

Docker image search cluster configuration fails in splunk-ansible: 'FAILED - RETRYING: Destructive sync search head'

We're using the docker images at https://hub.docker.com/r/splunk/splunk to install splunk in kubernetes. We're curren...

by Explorer in

Migrate data from test environment(SH+DS+indexer on same server) to prod environment (New DS , New SH and add 2 new indexers)

Hi Planning to migrate data from current environment to future environment! Current = (One search head + one in...

by Explorer in

Help on Splunk deployment plan

Hello friends, We want to deploy splunk in a new site and we have 2 powerful server with SSD storage, We need to have...

by Path Finder in

Log retention period

Hi, Logs after indexing is sent to Search head. We have below settings Searchable Time (days) = 90 days Archie...

by Builder in

How to resolve "err=not_connected" error in Deployment Server configurations

I receive the above error. I'm trying to monitor a directory from my local computer (UF installed) and checking the o...

by New Member in

What files to modify too add a Universal Forwader input in Splunk Free

Hello Everyone, I was using Splunk Enterprise and my license had expired but I still want to have additional input...

by New Member in

Deployer sends restart with /opt/splunk/bin/splunk restart, systemctl loses status

When the deployer sends a restart with /opt/splunk/bin/splunk restart, that changes the value I get with systemctl st...

by Engager in

Splunkforwarder 7.3.3 linux enable boot-start bug

What is the point of the "splunk enable boot-start" enabling then immediately disabling the service at boot-start? ...

by New Member in

Splunk 7.2.3 Deployment Server Automatic splunkforwarder restart

Hi all, we are experiencing problem with the Deployment Server after the 7.2.3 release. The Universal Forwarder is in...

by Explorer in

How can I check whether the data is being forwarded to indexer

How can I check whether the data from a server is being forwarded to indexer.

by Explorer in

Best practice to deploy client apps to Splunk servers?

What are the detailed steps to deploy client apps (mainly inputs.conf) to Splunk servers (indexers, SHs, deployment s...

by Contributor in

Can we list the hot buckets?

With all the discussions about smartstore here, there is some sort of treatment of the hot buckets mechanism as a coh...

by Motivator in

important port numbers for Fundamental 1

Hello, I know the following port numbers for Splunk, please let me know if I need anything more to remember. splunk w...

by Communicator in

What is the process and the effect of changing the `shcluster_label` parameter in `server.conf` in a search head cluster (SHC)?

If there is a SHC whose shcluster_label is my_old_shc and I want to change it to my_new_shc, how would I change it so...

by Engager in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

why is /opt/splunk/var/run/splunk/cluster/search-buckets filling up?

SSL configuration causing Mongo issues

Replication Fector and Search Artifact

Splunk Architecture in own words

After upgrading my Indexer Cluster to 8.0.1, why is the replication status "pending"?

How to discover if a search head cluster captain is static, dynamic, using CLI, or .conf files

Docker image search cluster configuration fails in splunk-ansible: 'FAILED - RETRYING: Destructive sync search head'

Migrate data from test environment(SH+DS+indexer on same server) to prod environment (New DS , New SH and add 2 new indexers)

Help on Splunk deployment plan

Log retention period

How to resolve "err=not_connected" error in Deployment Server configurations

What files to modify too add a Universal Forwader input in Splunk Free

Deployer sends restart with /opt/splunk/bin/splunk restart, systemctl loses status

Splunkforwarder 7.3.3 linux enable boot-start bug

Splunk 7.2.3 Deployment Server Automatic splunkforwarder restart

How can I check whether the data is being forwarded to indexer

Best practice to deploy client apps to Splunk servers?

Can we list the hot buckets?

important port numbers for Fundamental 1

What is the process and the effect of changing the `shcluster_label` parameter in `server.conf` in a search head cluster (SHC)?

Platform Newsletter Highlights | March 2023

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

What proxy rules are needed to allow install for a...

Why do Fixup tasks still present after rolling res...

Rolling Upgrade of Search Head Cluster does not au...

Documentation no Multiple splunk MSaaS or multi te...

O365 API Keys expiring: Are there different Splunk...