Getting Data In

What is the location of Common/Shared/Replicated configurations for members in a Splunk 6.2 Search Head Cluster on Windows?

Sourabhv05
Communicator

I have configured Search Head Clustering in my Distributed Environment which is working Perfectly fine.

I need to know what is the shared location for Search head cluster members from where they share the common configurations. Also if they replicate the configurations, where can I see these configurations in my Search Head Cluster?

0 Karma

NOUMSSI
Builder

Hi,

You can see the configuration of your Search Head in this file: distsearch.conf in $SPLUNK_HOME/etc/system/local/ or $SPLUNK_HOME/etc/system/default/

shared storage location for Search head cluster members from where they share the common configurations is the share directory for Search head cluster members. It means that each cluster member must have an access to that directory to prevent the fact that if one search head is defective, others members will done his work. To do so, they replicate the configurations.
That shared storage location is: $SPLUNK_HOME/etc directory

Sourabhv05
Communicator

Hi NOUMSSI,

Thanks for your Prompt response. Where my saved searches and alerts will get stored? I mean the shared location for them from where other members will pickup those reports, searches, alerts and dashboards ?

Regards,
Sourabh

0 Karma

NOUMSSI
Builder

Yes because reports, searches, alerts and dashboards are contained in one or more app(s) and all apps are storaged in the apps directory ($SPLUNK_HOME/etc/apps) wich is a subdirectory of $SPLUNK_HOME/etc.

0 Karma

NOUMSSI
Builder

If your problem is solved, don't forget to accept my answer by clicking on "Accept" below their answer.

0 Karma
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...