Solved: Re: In which config file are DMC roles and DMC Dis...

ncrisler · ‎03-21-2017

Currently working on automation a Splunk build and am wondering where DMC roles and DMC distributed mode are defined from a config file perspective.

jwelch_splunk · ‎03-22-2017

The main thing this looks at is all under the splunk_monitoring_console

lookups/assets.csv
local/splunk_monitoring_console_assets.conf

And the real kicker is normally in

/opt/splunk/etc/system/local/distsearch.conf

This is where we create all the search groups.

Okie

View solution in original post

jwelch_splunk · ‎03-22-2017

The main thing this looks at is all under the splunk_monitoring_console

lookups/assets.csv
local/splunk_monitoring_console_assets.conf

And the real kicker is normally in

/opt/splunk/etc/system/local/distsearch.conf

This is where we create all the search groups.

Okie

Aftend1971 · ‎03-28-2018

These are generated, right? Not for edit.
lookups/assets.csv
local/splunk_monitoring_console_assets.conf

But how to edit
/opt/splunk/etc/system/local/distsearch.conf
to have in DMC remote peers in 'Configured' state, not in 'New' state?

If you add manualy configuredPeers=peer:8089 to local/splunk_monitoring_console_assets.conf, it will be configured. But I guess that this is not right way.

sgao · ‎04-02-2018

You will need to click on Apply Change for its state to change from New to Configured.

In which config file are DMC roles and DMC Distributed mode defined?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?