Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the location of Common/Shared/Replicated configurations for members in a Splunk 6.2 Search Head Cluster on Windows?

Sourabhv05
Communicator
‎04-14-2015 02:58 AM

I have configured Search Head Clustering in my Distributed Environment which is working Perfectly fine.

I need to know what is the shared location for Search head cluster members from where they share the common configurations. Also if they replicate the configurations, where can I see these configurations in my Search Head Cluster?

0 Karma
Reply

NOUMSSI
Builder
‎04-14-2015 03:57 AM

Hi,

You can see the configuration of your Search Head in this file: distsearch.conf in $SPLUNK_HOME/etc/system/local/ or $SPLUNK_HOME/etc/system/default/

shared storage location for Search head cluster members from where they share the common configurations is the share directory for Search head cluster members. It means that each cluster member must have an access to that directory to prevent the fact that if one search head is defective, others members will done his work. To do so, they replicate the configurations.
That shared storage location is: $SPLUNK_HOME/etc directory

Reply

Sourabhv05
Communicator
‎04-14-2015 04:25 AM

Hi NOUMSSI,

Thanks for your Prompt response. Where my saved searches and alerts will get stored? I mean the shared location for them from where other members will pickup those reports, searches, alerts and dashboards ?

Regards,
Sourabh

0 Karma
Reply

NOUMSSI
Builder
‎04-14-2015 04:47 AM

Yes because reports, searches, alerts and dashboards are contained in one or more app(s) and all apps are storaged in the apps directory ($SPLUNK_HOME/etc/apps) wich is a subdirectory of $SPLUNK_HOME/etc.

0 Karma
Reply

NOUMSSI
Builder
‎04-14-2015 02:54 PM

If your problem is solved, don't forget to accept my answer by clicking on "Accept" below their answer.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...