Getting Data In

I added a third Index to my Cluster Master How do I tell my forwarders to send data to the new index

ajromero
Path Finder

I added a third Index to my Cluster Master How do I tell my forwarders to send data to the new index or how my forwarders know about the new index

thank you

Labels (1)
Tags (1)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

there are two way to do it

  1. manually in outputs.conf 
  2. using indexer discovery with CM

and of course combination of those.

In most cases indexer discovery is the easiest way to manage this especially if you add and remove indexers or those ip/names change regularly. Here is instructions how to configure it https://docs.splunk.com/Documentation/Splunk/8.0.6/Indexer/indexerdiscovery 

If you are using manual method then just add the new one to same stanza in outputs.conf than old ones are. Based on your environment this can do with DS, other automation tool or manually.

r. Ismo

View solution in original post

isoutamo
SplunkTrust
SplunkTrust

Hi

there are two way to do it

  1. manually in outputs.conf 
  2. using indexer discovery with CM

and of course combination of those.

In most cases indexer discovery is the easiest way to manage this especially if you add and remove indexers or those ip/names change regularly. Here is instructions how to configure it https://docs.splunk.com/Documentation/Splunk/8.0.6/Indexer/indexerdiscovery 

If you are using manual method then just add the new one to same stanza in outputs.conf than old ones are. Based on your environment this can do with DS, other automation tool or manually.

r. Ismo

Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...