I need details about what to validate after the upgrade so I know it was successful. How can I tell that everything got upgraded correctly, and that the system is healthy and ready to go?
Hi, I'm new to Splunk and trying to understand: for Splunk we have 1 installation that we need to customize to work as a Forwarder, Indexer or Search Head, so I want to know which all files need to modify t...
Hi
I have a single install (Everything on one machine).
I want to go to one search head and 2 indexers (non clustered) multiple machines.
Is there a set of instructions on how to do this, t...
...earch Head. I am able to successfully grant Splunk access to my Box account and pull events.
But I cannot add the Data Inputs, as specified in the configuration instructions. In fact, when I try t...
I cannot figure out which component to enable HEC and where to send the events. We have an on prem Splunk Enterprise distributed configuration with a Deployment server, Indexer and SearchHead. We a...
...ost panel of Overview) while the right-most panel indicates there are 8 peers searchable and the Distributed Environment>Indexer Clustering panel lists the 8 deployed indexers. Also, when I execute t...
Hi there, our current Splunk Installation contains an indexer cluster with 2 nodes and 1 searchhead which also has the cluster master role, License role and deployment role included. I now added t...
...efault/inputs.conf
[WinEventLog://Security]
disabled = 0
(I've also tried to add "index = main" at the bottom of the above stanza with no results).
And other configurations to send logs globally from deployment...