Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sorted by:
07-17-2017
07:26 PM
In my environment, I have two indexers for one Search head.
I think that these commands like "search", "dedup", "transaction" are processed by indexer in distributed search.
But are these c...
12-28-2017
07:14 AM
Hello.
I'm running on RHEL 7 with 6.6.3 and an Indexer cluster (3 peers), and have 2 Search Heads not in a SHC but connected induvidually to the index cluster.
I try to use KV store with a c...
04-17-2013
07:59 AM
Hi,
There are 2 splunk servers( A and B) that have differente data and indexes. I have setup distributed search from A to B and B to A.
searches done from A to B: everything is working as e...
- Tags:
- distributed
12-19-2011
03:51 AM
Folks,
I have a Splunk 4.2.4 search-head and indexer on another machine in a distributed setup.
I'm getting an error in my splunkd.log about my knowledge bundle timing out replicating from search...
- Tags:
- search-head
07-31-2016
01:13 PM
Hello Splunkers!
I am currently setting up a distributed Splunk system in our company.
It consists of: 2 Indexers and a Cluster Master Node, a standalone Search Head and a standalone Deployer/L...
Show results in replies (4)
-
To be as concise as possible, the speed gain in your example stems from distributed search, not f...
-
...f each bucket, and only the primary is searched. Historically, Splunk had distributed search b...
-
...ubtotals in a parallel, distributed manner. You request each indexer calculate sum(session_count) a...
-
...aster node does not participate in the actual searching of data, all it does is tell the search h...
03-18-2016
08:00 AM
Hello. I'm a new Splunk user, and I'm quite uncertain about how to index some distributed data. I have one SH and multiple Indexers located around the globe. Each of these Indexers has a local log f...
09-14-2020
02:27 PM
...ndexers. On the search head: The full message in splunkd.log is: "Global key files are invalid. This server cannot distribute searches to other servers." In Settings » Distributed search...
Show results in replies (9)
-
@soutamoThanks for the ideas. I removed the search peers from the sh and restarted the sh. I t...
-
@soutamoFixed! The problem was a straightforward consequence of the way the vendor software interac...
-
@soutamoThanks for your help. With any luck, later today I will have time to test a different versi...
-
...re the same on all nodes. The search head was the last to be converted. I apologize if I was u...
-
Can you remove search peer from sh and restart it? Then remove also trusted.pem from peer, r...
-
Then it’s time to create support case to Splunk if you haven’t do it yet.
-
@soutamoHere's an update on this problem. After intensive work with vendor, I have no resolution, b...
-
...ave you already try to remove + add search peers again? r. Ismo
-
...ew peer when I was in the list of search peers. I had to be the "distributed peers menu" to see t...
04-08-2018
05:53 AM
...ontext: admin -> admin
04-08-2018 12:49:09.165 INFO UserManager - Unwound user context: admin -> admin
04-08-2018 12:49:09.165 INFO DistributedSearchResultCollectionManager - Stream search: l...
01-19-2016
04:09 AM
I have a 3 node search head cluster that backs on to a single indexer (its a test environment). All servers are 6.3.2. For one particular sourcetype, the search time xml field extractions do not f...
07-22-2016
03:20 AM
Hello,
About the next subject, someone has any opinion:
Splunk GUI > Manager » Distributed search » Search peers
What is the role of "Auto-discovered" and what does mean value of "0" v...
