Getting Data In

index replication in custom index

Path Finder

i have created a new index DAP in cluster master and shared the configuration of this new indexes.conf with all peers.
i put the file in cluster master folder ../_cluster/local/ then distribute the bundle to all peer.
i have CM1 , IDX1,IDX2,IDX3 and IDX4.
Now from Heavy forwarder i am forwarding the data to IDX2 index name DAP. In search i am able to search the data,

My question here is - 1) why DAP index is not replicating? all the time in search head, i am getting my data from IDX2 DAP index, why not from other IDXs
2) Can i directly forward heavy forwarder data to cluster master index DAP? will it work?

My conf in HF is -


disabled = false
index = dap


server = IDX2:9997
useACK = true

Tags (1)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

Have a look here:

You need to specify the following setting for your index in order to have it replicate to other peers in the cluster.

repFactor = auto

View solution in original post

Splunk Employee
Splunk Employee

Have a look here:

You need to specify the following setting for your index in order to have it replicate to other peers in the cluster.

repFactor = auto

Ultra Champion

I have to remind myself to never assume.
better make this setting global to avoid future problem as yo encountered now

0 Karma

Ultra Champion

what are your replication factor and search factor?
do you see the index configuration in all indexers? IDX1, IDX2 etc?
how can you tell your data is served only from IDX2?
try and search: index = dap splunk_server = IDX4 any results?

0 Karma

Path Finder

Hello Adonio,

Rep factor is 2. Search factor is 2. When I am trying to do search index=dap. Results are only coming from the IDX2 host where I forwarded it from HF. Index configuration is same in all indexer as pushed the config file from cluster master.

0 Karma

Ultra Champion

did you try the search?
index = dap splunk_server = IDX4
can you check for errors in internal index?
index = _internal log_level - ERROR OR log_level = WARN*

0 Karma
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...