- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I've tried the following suggested configurations:
http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Forwardsearchheaddata
https://answers.splunk.com/answers/30622/how-to-turn-off-indexing-on-dedicated-search-head.html (doesn't seem to apply to 6.3.3)
https://answers.splunk.com/answers/106166/if-there-is-an-outputs-conf-on-a-dedicated-search-head-doe...
and here is my /opt/splunk/etc/apps/all_forwarder_outputs/local/outputs.conf
BASE SETTINGS
[indexAndForward]
index = false
[tcpout]
defaultGroup = primary_indexers
indexAndForward = false
[tcpout:primary_indexers]
server = indexer1:9997, indexer2:9997
autolb settings
autoLB=true
autoLBFrequency=15
forceTimebasedAutoLB=true
Yet when I look at my Distributed Management Console, it still thinks my search head is also an Indexer.
Is there another outputs.conf I should be configuring?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For the DMC app, there is a "General Setup" page under the "Settings" pulldown. Under this page you can set your server roles by editing your servers and assinging whether they are a Search Head, Indexer, License Server, etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For the DMC app, there is a "General Setup" page under the "Settings" pulldown. Under this page you can set your server roles by editing your servers and assinging whether they are a Search Head, Indexer, License Server, etc.
