- Splunk Answers
- :
- Splunk Platform Products
- :
- Splunk Enterprise
- :
- Splunk new index
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
if some one come and ask me to create a index splunk to indext the data from the new data source.
what happens if created that index from searchhead
and write a stanza to indexs.conf file in masterserver server and push those changes to all other peer nodes (indexers cluster)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
without cluster, i think, we can not create indexes on search heads (thru splunk GUI when we create, it creates on indexer, not on Search Head, i think)
Regarding indexer cluster,
Note: To add a new index to an indexer cluster, you must directly edit indexes.conf. You cannot add an index via Splunk Web or the CLI. For information on how to configure indexes.conf for clusters, see Configure the peer indexes in an indexer cluster. That topic includes an example of creating a new cluster index.
http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Setupmultipleindexes
Important: You cannot use Splunk Web or the CLI to configure index settings on peer nodes. You must edit indexes.conf directly.
Configure the peer indexes in an indexer cluster -
You configure indexes by editing the indexes.conf file. This file determines an indexer's set of indexes, as well as the size and attributes of its buckets. Since all peers in a cluster must use the same set of indexes (except for limited purposes, described later), the indexes.conf file should ordinarily be the same across all peers.
The cluster peers deploy with a peer-specific default indexes.conf file that handles basic cluster needs. If you want to add indexes or change bucket behavior, you edit a new indexes.conf file in a special location on the master and then distribute the file simultaneously to all the peers.
http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Configurethepeerindexes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
without cluster, i think, we can not create indexes on search heads (thru splunk GUI when we create, it creates on indexer, not on Search Head, i think)
Regarding indexer cluster,
Note: To add a new index to an indexer cluster, you must directly edit indexes.conf. You cannot add an index via Splunk Web or the CLI. For information on how to configure indexes.conf for clusters, see Configure the peer indexes in an indexer cluster. That topic includes an example of creating a new cluster index.
http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Setupmultipleindexes
Important: You cannot use Splunk Web or the CLI to configure index settings on peer nodes. You must edit indexes.conf directly.
Configure the peer indexes in an indexer cluster -
You configure indexes by editing the indexes.conf file. This file determines an indexer's set of indexes, as well as the size and attributes of its buckets. Since all peers in a cluster must use the same set of indexes (except for limited purposes, described later), the indexes.conf file should ordinarily be the same across all peers.
The cluster peers deploy with a peer-specific default indexes.conf file that handles basic cluster needs. If you want to add indexes or change bucket behavior, you edit a new indexes.conf file in a special location on the master and then distribute the file simultaneously to all the peers.
http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Configurethepeerindexes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
