Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What are the federated search requirements for remote dataset?

FritzWittwer
Path Finder
‎05-16-2022 09:44 PM

I am trying to setup a federated index, on a federated search head, but i am only able to select an index as the remote dataset. the drop down for dataset type does not offer any other option. How do i have to configure the dataset on the remote search head in order to be able to use it on the federated search head.

Bot systems are clustered search heads running Splunk enterprise 8.2.2

Tags (1)
0 Karma
Reply

FritzWittwer
Path Finder
‎05-19-2022 02:26 AM

Found the Answer, only indexes can be accessed with a federated search, see Create a federated index

Dataset SpecificationSpecify the Type of remote dataset that this federated index maps to and provide the Object Name for the dataset. Currently, only the Index dataset type is available.

For Object Name you must provide the name of an index that currently exists on the selected federated provider.		The dataset Type defaults to Index.

Object Name has no default.
 
 
 
0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...