...e > General and select DistributedConfiguration Management.
"Your server has not been configured as a deployment client yet. In order to use this feature, you have to setup a deployment...
I need details about what to check before I upgrade so I know if my deployment is ready to upgrade. What do I monitor, and how do I benchmark system health before the upgrade?
...2/M12 deployment model with 2 indexers on each side instead of 3. I wanted to run my rational through some experts Current Architecture Search Head 2 Indexers Configured for Distributed...
Hi, I'm new to Splunk, trying to understand for Splunk we have 1 installation we need to customize it to work as Forwarder or Indexer or Search Head, So want to know which all files need to modify t...
...earch Head. I am able to successfully grant Splunk access to my Box account and pull events.
But I cannot add the Data Inputs, as specified in the configuration instructions. In fact, when I try t...
I cannot figure out which component to enable HEC and where to send the events. We have an on prem Splunk Enterprise distributedconfiguration with a Deployment server, Indexer and SearchHead. We a...
...ith data retention requirements we need to ensure that all previous local security logs from 2019 until now are ingested, confirmed to be stored, and then ideally deleted from the local machine to s...
Hi all I installed andconfigured the FortiWeb app for Splunk. I also set a desired index on the heavy forwarder (named fortiweb). There is a problem that the predefined dashboards in the app read t...
...efault/inputs.conf
[WinEventLog://Security]
disabled = 0
(I've also tried to add "index = main" on bottom of above stanza with no results).
And other configurations to send logs globally from deployment...