Regarding Federatedsearch:
Is the only authentication option username and password? We use SSO on the remote search head (LDAP/Reverse Proxy) which would be preferable.
Why do you need to e...
Hello Splunkers! I am very exited about the new federatedsearch feature starting the Splunk 8.2 version! I got it to run with a onPrem development machine and a regular index - works as desired a...
I am unable to search my custom fields in Splunk after getting migrated index from normal to federated. do I have to change something in field extractions? or something wrong in migration
CAN I ADD FEDERATEDSEARCH AS ROOT SEARCH IN DATASETS?
I WAS ABOUT TO CREATE A DATAMODEL FOR A DASHBOARD WITH MULTIPLE SPLUNK DEPLOYMENT.
HOWEVER, WHEN I USED FEDERATED INDEXES IN DATASETS. I G...
Hello, Supposing you have a Search Head in Cloud, doing FederatedSearches to other Search Heads on-prem, which is the compression ratio (if any)? I have found those useful information about c...
Hello I want to ask a question about subsearch. When submitting a fed command without using it, an error message occurs as follows.
Before setting federatedsearch ] index=fw | join s...
동일한 데이터를 로컬 및 원격 검색(연합 검색)을 통해 검색 속도와 비교합니다.
그러나 자동 조회를 사용하는 검색의 경우 검색 속도가 100배 이상 다릅니다.
원격 검색이 훨씬 빠릅니다.(로컬 검색은 10분, 원격 검색은 30초)
왜 이런 속도 차이가 나는지 궁금합니다.
예시)
색인=방화벽 작업=허용
* ACTION은 자동 조회 설정...