Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

creating a lookup with search-head pooling

a212830
Champion
‎05-23-2014 05:37 AM

Hi,

We just implemented search-head pooling. I have a lookup that gets generated via wget. How do people handle situations like this? I don't want to tie the scripts to a specific server, but I also want to make sure it runs when one of the servers is down. Is there a way to have Splunk run it, but not generate indexed data?

0 Karma
Reply

ewoo
Splunk Employee
Splunk Employee
‎06-27-2014 04:25 PM

One option: create a Python search command that updates your lookup. Then, schedule a search that invokes that search command on a desired interval (e.g. every night at midnight). The search heads in your pool will coordinate such that only one instance runs the scheduled search "at a time" (i.e. only one instance in the pool will run the scheduled search, per interval).

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...