Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What are the federated search requirements for remote dataset?

FritzWittwer
Path Finder
‎05-16-2022 09:44 PM

I am trying to setup a federated index, on a federated search head, but i am only able to select an index as the remote dataset. the drop down for dataset type does not offer any other option. How do i have to configure the dataset on the remote search head in order to be able to use it on the federated search head.

Bot systems are clustered search heads running Splunk enterprise 8.2.2

Labels (1)
Labels
Tags (1)
0 Karma
Reply

FritzWittwer
Path Finder
‎05-19-2022 02:26 AM

Found the Answer, only indexes can be accessed with a federated search, see Create a federated index

Dataset SpecificationSpecify the Type of remote dataset that this federated index maps to and provide the Object Name for the dataset. Currently, only the Index dataset type is available.

For Object Name you must provide the name of an index that currently exists on the selected federated provider.		The dataset Type defaults to Index.

Object Name has no default.
 
 
 
0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...