...) change your input.cfg on every machine (functionality specific, DC, Exchange, etc..)
2) Use a SPLUNK app.
With 1500 servers it's not manageble to have different input.conf for each f...
We have Splunk installation in a distributed environment with search head clustering and indexer clustering enabled and managed via a master node.
We are currently in the process of ingesting n...
...istributed environmentmanaged by a deployment server?
The app.conf file in the app has state = disabled. Despite that it still generates disk usage data (wut?) but doesn't forward the data to the i...
All,
Anyone have a good walk through or tutorial on managing Splunk as a container? Upgrades and not loosing configs? SHC and user local files? Mounting disks for indexers into the container? T...
I have a clustered Splunk env with an index="myjavaapp".
I need to collect the logs from multiple environments - Dev/QA/Stress/Pre-Prod/Prod - where each environment has about 2 to 15 servers. T...
Hello,
I am assembling a multisite clustered Splunk implementation. I am having a little trouble finding what sufficient specs are needed for a deployment server that will manage between 1500 - 2...
I have a multisite cluster. When some of the buckets meet retention, will the bucket get deleted from all the Cluster Peers? How is the Bucket deletion managed due to Retention in a Multi_site Cluster?
Has anyone configured the PP TAP application in a clustered environment? I've been unable to find configurations to reference. We need to change the index the application sends to, add the API key i...
We have implemented Alert manager in our prod environment.
The problem we are facing is that when we try to assign the alerts to a user in Splunk it is not working whereas when we try to do the s...