Does anyone have any good resources about indexes and index management?
Before I set up a bunch of indexes, I'd like to know more about the how indexes impact my deployment.
Does any one know what are the best practices for partitioning the Linux OS i.e redhat / centos for the Splunk application server ?
lets say I have 250 GB can some one advise on this ?
Hi
I am running a heavy forwarder with HEC and it is sending data to 3 indexers. I am starting to read about ways to optimise this configuration, but I am not sure if I have all the settings...
Hi, I have a difference between 2 searchpeers, both members of my indexer cluster, for the time to Reap Knowledge Bundle Directory. The average of the first one is about 2~3s whereas the second o...
Hey,
I noticed a problem on my clustered environment, when the SH could not search over 2 new peers I’ve added to the cluster earlier.
When trying to search over the new peers’ ‘_internal’ l...
My searches are failing with the following errors in splunkd.log. I have one Search Head and 26 indexers. In the SearchPeer's splunkd.log, I see following errors:
08-10-2015 20:37:24.501 +0000 I...
I have a 5GB license in my Splunk, but abruptly on a single day, 24GB logs got indexed. After that, search heads became very slow. I have indexer clustering in my Splunk setup (3 peers 7 1 master)....
