Monitoring Splunk

In which config file are DMC roles and DMC Distributed mode defined?

ncrisler
New Member

Currently working on automation a Splunk build and am wondering where DMC roles and DMC distributed mode are defined from a config file perspective.

0 Karma
1 Solution

jwelch_splunk
Splunk Employee
Splunk Employee

The main thing this looks at is all under the splunk_monitoring_console

lookups/assets.csv
local/splunk_monitoring_console_assets.conf

And the real kicker is normally in

/opt/splunk/etc/system/local/distsearch.conf

This is where we create all the search groups.

Okie

View solution in original post

jwelch_splunk
Splunk Employee
Splunk Employee

The main thing this looks at is all under the splunk_monitoring_console

lookups/assets.csv
local/splunk_monitoring_console_assets.conf

And the real kicker is normally in

/opt/splunk/etc/system/local/distsearch.conf

This is where we create all the search groups.

Okie

Aftend1971
Explorer

These are generated, right? Not for edit.
lookups/assets.csv
local/splunk_monitoring_console_assets.conf

But how to edit
/opt/splunk/etc/system/local/distsearch.conf
to have in DMC remote peers in 'Configured' state, not in 'New' state?

If you add manualy configuredPeers=peer:8089 to local/splunk_monitoring_console_assets.conf, it will be configured. But I guess that this is not right way.

sgao
Splunk Employee
Splunk Employee

You will need to click on Apply Change for its state to change from New to Configured.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...