Splunk Search

federated search in splunk

MrIncredible
Explorer

I am unable to search my custom fields in Splunk after getting migrated index from normal to federated. do I have to change something in field extractions? or something wrong in migration

Labels (2)
0 Karma

MrIncredible
Explorer

Thanks @PaulPanther for replying. can you please let me know if I can check this at user end whether custom fields are present on local and remote searchHeads or I need to take help from our infra team who manages Splunk. Because as far i can see these custom fields are saved in app where i am running search.

0 Karma

PaulPanther
Builder

If you don't have GUI access to the remote searchhead you must ask your infra team. They should be able to confirm if the custom fields are configured on the remote searchhead.

0 Karma

PaulPanther
Builder

The missing custom fields are present on local and remote searchHeads? 

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...