Deployment Architecture

Discussions

Thread Info

Rolling Upgrade on a big cluster

With hundreds of indexer nodes in a cluster, it might take more than one business day to upgrade them all during a ro...

by Engager in

Why does the master node, peer nodes, and search head have to be on its own instance?

We have a single server that is running indexer, master and search head. As we only have 1 server, it is a single poi...

by Engager in

Splunk Deployment Server

Hi I am a newbee to SPLUNK and am not sure how to set up the Deployment Server, Could anyone guide me with it. Th...

by New Member in

Index=perfmon deleted but still data is coming in

We get performance monitor data from windows_ta and windows_ta_dns ..We no longer need the data and dont care about o...

by Builder in

When I run $SPLUNK_HOME/bin/splunk apply shcluster-bundle -action stage on my deployer, I get Your session is invalid. Please login.

I put an app onto our deployer server under /opt/splunk/etc/shcluster/apps , ran the following: sudo su splunk cd ...

by Path Finder in

How to create ad-hoc reports on a new server

For single server Web Traffic Hits Total page hits per hour per day for the last 10 days CPU Utilization over time C...

by Loves-to-Learn Everything in

How do I find out how many indexes in my splunk environment?

Hey guys, I am relatively new to splunk, and I was wondering if there is a way to find out how many indexes are in...

by Engager in

Why do newly created indexes not show up on the search head?

Hi fellow Splunkers! I have a working distributed environment, containing an indexer cluster with a separate maste...

by Motivator in

Splunk on Kubernetes - replication constraints

Hi, i am running Splunk on Kubernetes with SmartStore. In order to increase node CPU/memory utilization, I have co...

by New Member in

Cold to Frozen buckets question

Hi @All, I will explain my situation now: On my Splunk Enterprise (7.2.6) environment I have configured the option...

by New Member in

How to set a new pass4SymmKey password on a search head cluster deployer?

Hello, We have a Search head cluster in our environment and the person who set up the Deployer initially forgot th...

by Motivator in

Migrating files from etc/system to slave-apps in cluster

Hi, i was running a single indexer which has props / transforms in etc/system/local. The indexer was migrated to a...

by Builder in

Deployment Server - local folder not being pushed to Search Head cluster

On my Deployment server in the /opt/splunk/etc/deployment-apps directory, I have the Splunk_TA_f5-bigip app with a lo...

by Influencer in

Why is collectd service is not sending data to splunk on Ubuntu 16?

collectd service is not sending data to splunk on Ubuntu 16. Jan 28 08:07:10 cga2ubctd systemd[1]: Starting Statis...

by New Member in

Distributed Tracing View

Hi All, We have logs from IIS Servers and application service k8s pod logs which details TraceId, SpanId and pare...

by New Member in

The average load on our linux heavyforwarder is around 20, what can I do to reduce it and will increasing core count help in ways ?

The average load on our linux heavyforwarder is around 20. what can i do to reduce it and will increasing core count ...

by Path Finder in

Multi-site architecture - Is it possible to set different retention timeframes for the same index at two different sites?

In the multi-site architecture models, it is not clear what settings on retention are available to you. Is it poss...

by Path Finder in

How to create a splunk query that will list the applications on the members of the search head cluster?

i need a splunk query that will the list the applications on each member of the search head cluster. i am running the...

by Explorer in

Can we administer the serverclass.conf via the UI only?

Yesterday I saw the following within serverclass.conf - [serverClass:<name>] whitelist.0 = <server1>.<domain>.com...

by Motivator in

timechart span not working

index="myindex" cluster="mycluster" http_request="/" | bucket _time span=5m | timechart count by x_forwarded_for useo...

by Explorer in

Whats the best practice to manage app deployment on non-clustered indexers managed by deployment server ?

Everytime I do splunk reload deploy-server, it restarts both the Indexers (which are being managed by DS), which is o...

by Motivator in

How to run a linux command on remote machine via splunk GUI, on demand only?

I have splunk instance running on one linux server. I have python code on another linux server, which I run manually ...

by Explorer in

Distsearch.conf in system/local modified after i push any app from deployer to SHC

Distsearch.conf in system/local modified after i push any app from deployer to SHC. Not sure why? why it is modified?...

by Motivator in

How do I empty an index in an indexer cluster

Clients wanted a change in how there data was displayed using the sourcetype they first used. How do I remove all of ...

by Path Finder in

Data rebalancing is not working

Hi guys, We tried data rebalancing. But nothing happens. We are forwarding data from universal forwarder using ...

by Explorer in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Rolling Upgrade on a big cluster

Why does the master node, peer nodes, and search head have to be on its own instance?

Splunk Deployment Server

Index=perfmon deleted but still data is coming in

When I run $SPLUNK_HOME/bin/splunk apply shcluster-bundle -action stage on my deployer, I get Your session is invalid. Please login.

How to create ad-hoc reports on a new server

How do I find out how many indexes in my splunk environment?

Why do newly created indexes not show up on the search head?

Splunk on Kubernetes - replication constraints

Cold to Frozen buckets question

How to set a new pass4SymmKey password on a search head cluster deployer?

Migrating files from etc/system to slave-apps in cluster

Deployment Server - local folder not being pushed to Search Head cluster

Why is collectd service is not sending data to splunk on Ubuntu 16?

Distributed Tracing View

The average load on our linux heavyforwarder is around 20, what can I do to reduce it and will increasing core count help in ways ?

Multi-site architecture - Is it possible to set different retention timeframes for the same index at two different sites?

How to create a splunk query that will list the applications on the members of the search head cluster?

Can we administer the serverclass.conf via the UI only?

timechart span not working

Whats the best practice to manage app deployment on non-clustered indexers managed by deployment server ?

How to run a linux command on remote machine via splunk GUI, on demand only?

Distsearch.conf in system/local modified after i push any app from deployer to SHC

How do I empty an index in an indexer cluster

Data rebalancing is not working

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

Offline Logging and oberservability - on permises

v0.116.0 upgrade for EKS cluster gives webhook err...

Does a props/transforms.conf Visio stencil exist?

My servers class Agent allways in Pending status

splunk_internal_telemetry:53 - Failed to send tele...

Deployment Architecture

Are you a member of the Splunk Community?

Discussions