Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

advice for syncing knowledge bundles over the WAN

tpsplunk
Communicator
‎09-13-2011 02:53 PM

I have West Coast and an East Coast Datacenters with splunk indexers. my search users are in the West coast so my single search head is here on the West coast. I'd like to use mounted knowledge bundles but i'm not sure its practical to NFS mount my East Coast indexers to a West Coast NFS share. has anyone sync'd knowledge bundles across the country (or further)? should I try the NFS mount or should I do something like create a local NFS mount to East Coast and use a copy process (cron job and rsync job or SAN replication,etc) to copy the knowledge bundle from West Coast to East?

Tags (4)
Reply

fbl_itcs
Path Finder
‎10-29-2013 07:55 AM

Hi,

I'm having the same issue here. Did you found a practical way to achive this?

Regards,
Felix

0 Karma
Reply

tpsplunk
Communicator
‎10-29-2013 08:31 AM

No I never got it working. we recently hired someone that had some previous multi-geography splunk experience;we're in the middle of implementing recommended changes. He recommended to only have indexers in your local search environment. In your remote Datacenters configure your universal forwarders to send to locally installed heavy forwarders that do some index level work (transforms,etc). These forward the data on to the indexers in the local DC. obviously this isn't a one size fits all solution. it's probably best to engage splunk professional services to help with this kind of change.

Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...