Splunk Enterprise

Allocate a scheduled search to all searcheads in a searchead cluster

sebastian_m
Engager

Hello there,

we use an alert action that has a lot of technical dependencies. In order to make sure that all searchheads are able to perform this alert action we would like to make a regular check of all of them. Our idea was to use a simple scheduled search that triggers the alert action on a regular basis as a test, to see if everything is fine.

The problem is, that we don't know if it is possible to force the searchhead captain to allocate this specific search to all members of its cluster. Otherwise we would only see if the member that coincidentally got the search functions properly.

Do you know of any way to achieve, that all members of a searchead cluster run a specific search?

Thanks in advance for the help.

0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

In normal situation captain sends search to one of members to run. You cannot specify in which node it runs or specify that it run every one.

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust

In normal situation captain sends search to one of members to run. You cannot specify in which node it runs or specify that it run every one.

0 Karma

sebastian_m
Engager

That is unfortunate. But thanks for your reply.

0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...