Splunk Search

How do I ensure my user-created data is coherent across my splunk appserver/search head nodes?

jrodman
Splunk Employee

If I have more than one splunk user interface that users log into, either for regional goals, or for load balancing, how do I ensure that the configuration data created by users in the interface is available on all my nodes?

1 Solution

jrodman
Splunk Employee

Since asking this question, we have added "Search Head Pooling" to Splunk, which squarely addresses this goal. (It has been a while.)

http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Configuresearchheadpooling


0 Karma


vbumgarn
Path Finder

What do people do in the real world?

The only sane option that I can see at this point is to only run one user facing search server at a time.

On a related note... It sure would be nice if everything "local" was stored in a single directory, and everything "server specific" stored in a different directory. Then it would be cake to just rsync over that "local" directory to a cold server and backup both of them.

vbumgarn
Path Finder

Have you had a chance to craft that rsync invocation?

0 Karma

vbumgarn
Path Finder

Yes, please. That would be useful for a number of things, for instance simply pulling everything out and backing it up independently of the splunk installation, for customers that are only running one instance.

0 Karma

jrodman
Splunk Employee

I think I could craft an rsync invocation that would 'do the right thing', as far as capturing all the local items in every app, as well as user directories. Worth spending time on?

0 Karma
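The rsync invocation discussed above, written out as an added example (not code from the thread or from Splunk). It assumes the layout the posts describe, etc/apps/&lt;app&gt;/local for changes made in the UI and etc/users/&lt;user&gt;/... for per-user objects, and that usernames match on every search head; host names and paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or from Splunk: push the user-created
# parts of one search head's etc/ tree to another with rsync.
# Assumptions: etc/apps/<app>/local holds app changes made in the UI and
# etc/users/<user>/... holds per-user objects; usernames match on all nodes.

# List, relative to $SPLUNK_HOME, every app's local/ directory plus etc/users.
# etc/system/local (server.conf, instance-specific SSL settings) and etc/passwd
# are deliberately left out: they identify one server and must not be cloned.
splunk_local_paths() {
    home=$1
    for d in "$home"/etc/apps/*/local; do
        [ -d "$d" ] && printf '%s\n' "${d#"$home"/}"
    done
    [ -d "$home/etc/users" ] && printf '%s\n' etc/users
    return 0
}

# One-way copy of those paths to DEST (e.g. user@peer:/opt/splunk/). Extra
# arguments are passed to rsync, so "--dry-run" previews the change first.
# -r is given explicitly: -a does not imply recursion when --files-from is used.
# No --delete: objects that exist only on the peer are never removed.
splunk_sync_local() {
    home=$1; dest=$2; shift 2
    splunk_local_paths "$home" | rsync -a -r -v --files-from=- "$@" "$home/" "$dest"
}

# Constructed demo tree standing in for a search head's $SPLUNK_HOME.
demo=$(mktemp -d)
scratch=$(mktemp -d)
mkdir -p "$demo/etc/apps/search/local" "$demo/etc/apps/search/default" \
         "$demo/etc/users/alice/search/local" "$demo/etc/system/local"
echo '[my_alert]' > "$demo/etc/apps/search/local/savedsearches.conf"
splunk_local_paths "$demo"
# Preview the copy into a scratch directory when rsync is installed.
command -v rsync >/dev/null && splunk_sync_local "$demo" "$scratch/" --dry-run
rm -rf "$demo" "$scratch"
```

Because the copy is one-way, an object edited on the peer since the last run is overwritten; run it from a single designated node, or against a cold standby as vbumgarn describes.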

orekdm
New Member

I have read about, but not tested, the following methodology which allows for syncing saved searches via LDAP.

Convert saved searches to LDAP

I do not think that this method covers the rest of the users' settings that are stored within /opt/splunk/etc/users, and perhaps that should be an enhancement request. You might be able to use rsync to keep this entire hierarchy up to date, assuming that the usernames are common across each search head.

0 Karma

jrodman
Splunk Employee

The method you link to is basically a workaround to avoid having saved searches break when you go from splunk auth to ldap. In 4.1, you have LDAP and splunk auth generally, so the workaround should no longer be needed.

0 Karma

gkanapathy
Splunk Employee

...and what if I use deployment server for the app... oh, maybe that needs its own question

0 Karma