Deployment Architecture

Ask a Question

Discussions

Thread Info

Retrieved missing data that was not forwarded when the splunk forwarder is stopped.

Hello, There is a splunkforwarder that was stopped for a week without our knowledge and the data from that server ...

by Explorer in

Best practices Migrating from standalone indexers to a multisite indexer cluster and a search head cluster

Hello, Actually, we have 6 indexers and 1 SH. We are migrating our platefrom to a multisite indexer cluster with 1...

by Communicator in

Questions about migrating a single-site cluster to a multisite cluster

Hey Guys, We are planning to migrate a single-site cluster to a multisite cluster. For converting single-site bucket...

by Path Finder in

Movement of buckets in an indexer cluster

Hello All, today someone asked me a question about bucket movement in an indexer cluster. Lets say i have 5 indexer i...

by Communicator in

The percentage of non high priority searches lagged (100%) over the last 24 hours is very high and exceeded the yellow thresholds (40%) on this Splunk instance. Total Searches that were part of this percentage=1. Total lagged Searches=1

what does it mean please? The percentage of non high priority searches lagged (100%) over the last 24 hours is ver...

by New Member in

Can't view Web Interface " ERR_CONNECTION_REFUSED"

Hello everybody, I have just installed Splunk, all ports are ok, firewalld is down. But i cant acced to the inter...

by Engager in

Splunk server need to be taken care before updating linux patch

Hi All, Could you please share the steps which need to be perform at Splunk level before updating linux patch and...

by Explorer in

How to migrate KV store data from a search head standalone to a search head cluster ?

Hello, I have a standalone search head with KVstores. I want to migrate the KVstores to a search head cluster with...

by New Member in

Is it possible to group by tcp ports with "TCP_High_Port" or "UDP_High_Port" instead?

I have list of output here from command. With stats command it comes with long list of service (tcp or udp high ports...

by New Member in

インデックスのデータを時間経過で自動削除したい

現在インデックス内のデータ量が増え続ける為、自動で1年経過したデータを削除させたいです。どのように設定すれば、1年経過したデータを自動で削除させることが出来ますか？ -English- Since the amount of ...

by Engager in

Cluster Command Grouping

Hi, Need help on below issue. I am using cluster command for Summary field. source="sample_data.csv" index="inc...

by New Member in

Cannot convert to ConfigInfo

Hi , a few days ago we upgraded our shc CPU's then this error started. 11-27-2019 08:04:27.338 +0300 ERROR SHC...

by Engager in

Error message on Openshift

The docker image is running file and I am able to login also. When I deploy the same in the openshift it is throwi...

by Engager in

Index and forward events on indexer

Hi all, i have a Splunk indexer (version 6.2.14) that receives events from a Splunk forwarder (same version). On t...

by Loves-to-Learn Everything in

Why are bucket times expanding?

I've read a few other forum posts with similar issues but I never found a true solution for. Overall I'm trying to mo...

by Path Finder in

Search head cluster captain overloaded with jobs waiting at 100% or 0% post upgrade from 6.2.x to 6.4.1 (On Solaris)

Indexer cluster with 30 peers Search head cluster of 5 instances connected to the indexer cluster Configured a sched...

by Communicator in

Splunk indexing is not working

Team, Geeting below error while indexing. Please let me know how can we fix this? 11-25-2019 07:39:35.796 -0500...

by New Member in

How many DMCs are needed in Active-Active Multisite architecture ?

We are planning to build an ACTIVE-ACTIVE multisite Splunk deployment, wherein each data center will have its own clu...

by Loves-to-Learn Everything in

Shutdown and start order in a clustered /distributed architecture

HI, I have an environment with the following architecture: 2 Search Heads, 2 Idx, 1 Dep Server, 1 Cluster Master, ...

by New Member in

Is there a REST API call for getting the status of a Search Head Cluster (SHC)?

Planning to use search head clustering and we need the ability to check search head cluster status by REST API call. ...

by Communicator in

How do I configure Distributed Search Groups for a clustered Indexer environment?

Question: How to configure Distributed Search Groups - distsearch.conf - on a Search head that run searches across bo...

by Communicator in

upgrade to 7.2 fails with "ERROR while running mongod-fix-voting-priority migration."

Splunk start produces error below and stopped running. So far it failed on 2 servers in a row. Any suggestions? ...

by Splunk Employee in

Does Splunk monitor and alert on changes to servers (and potentially desktops) configurations?

by New Member in

Is it possible to use defaultGroup setting in a server.conf file?

Hi I want to understand is it possible to use 'defaultGroup' setting in the server.conf file. I can see in the docume...

by New Member in

Restrict searches from unowned search head in indexer cluster

We have a 3 node indexer cluster with one search head. We have allowed another team to connect their search head to o...

by Path Finder in

Get Updates on the Splunk Community!

Deployment Architecture

Discussions

Retrieved missing data that was not forwarded when the splunk forwarder is stopped.

Best practices Migrating from standalone indexers to a multisite indexer cluster and a search head cluster

Questions about migrating a single-site cluster to a multisite cluster

Movement of buckets in an indexer cluster

The percentage of non high priority searches lagged (100%) over the last 24 hours is very high and exceeded the yellow thresholds (40%) on this Splunk instance. Total Searches that were part of this percentage=1. Total lagged Searches=1

Can't view Web Interface " ERR_CONNECTION_REFUSED"

Splunk server need to be taken care before updating linux patch

How to migrate KV store data from a search head standalone to a search head cluster ?

Is it possible to group by tcp ports with "TCP_High_Port" or "UDP_High_Port" instead?

インデックスのデータを時間経過で自動削除したい

Cluster Command Grouping

Cannot convert to ConfigInfo

Error message on Openshift

Index and forward events on indexer

Why are bucket times expanding?

Search head cluster captain overloaded with jobs waiting at 100% or 0% post upgrade from 6.2.x to 6.4.1 (On Solaris)

Splunk indexing is not working

How many DMCs are needed in Active-Active Multisite architecture ?

Shutdown and start order in a clustered /distributed architecture

Is there a REST API call for getting the status of a Search Head Cluster (SHC)?

How do I configure Distributed Search Groups for a clustered Indexer environment?

upgrade to 7.2 fails with "ERROR while running mongod-fix-voting-priority migration."

Does Splunk monitor and alert on changes to servers (and potentially desktops) configurations?

Is it possible to use defaultGroup setting in a server.conf file?

Restrict searches from unowned search head in indexer cluster

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

How to install Splunk UF to AIX ?

Splunk Intermediate Forwarder Setup

CMMC Version 2.0

Stream forwarder only works when running as root

Search Cluster Overwriting etc/system/local/inputs...