Hi all, I built a dedicated Search Head Cluster with 3 members and a deployer to load and test how DB Connect works in a shcluster. Splunk Enterprise 9.1.2 and DB Connect 3.15.1. The c...
...ssentially on indexing capacity, even though it's less than 100Go daily (our licence allows 80Go) and search load is really low. So we have : - 1 Search Head - 2 indexers (no cluster) The search head a...
...tem Type"
(where viewby is selected value from dropdown. Now the applicable values for viewby in the drop down are "type1", "type2", "type3". In the column header, I want to display "Type 1" f...
Hi Team,
I am unable to restart Splunk on my Search head. Earlier its working fine but now it's not working.
Due to this GUI of this Search head is also not able to access getting timed out....
Hello Splunkers I use the deployer to deploy config apps or add_ons on a search head cluster. This works when I want to deploy a new app or delete an app. I see that the search head c...
Hi All, We are migrating SHC members from old to new datacenter. There are total 3 members as a part of SHC. Please tell us which is the best approach to follow. 1. Add 1 new node to the SHC, have...
I'm reading the docs about sharing summaries between search-heads and I'm a bit puzzled. https://docs.splunk.com/Documentation/Splunk/8.2.1/Knowledge/Sharedatamodelsummaries The article states: "Y...
Hello All, I need your help for using head command by passing the parameters at run time. The background of the above is as follows: - I am working on building a SPL to identify anomalous events i...
...pplying search head cluster bundle.
I use this command to upgrade Splunk Enterprise Security:
$SPLUNK_HOME/bin/splunk apply shcluster-bundle -preserve-lookups true -target https://instance1:8...
...orwarder. If we only have access to the research head, is it possible to install it on search heads?
- in terms of indexing, is it required to have the Splunk indexing, or I can use the indexing of the o...