Hello Splunkers! I am very excited about the new federated search feature starting with the Splunk 8.2 version! I got it to run with an on-prem development machine and a regular index - works as desired a...
Hi Team, I have created a federated provider and the test connection was successful. What will be our next steps? Is a federated index mandatory to create? If yes, should all the indexes across SHs be created?
I have a use case where I'm trying to collect events from a federated search. I can run and search results using the federated index, but when I try to add a collect command to collect the results t...
Regarding federated search:
Is the only authentication option username and password? We use SSO on the remote search head (LDAP/Reverse Proxy) which would be preferable.
Why do you need to e...
...ontains historical data. There is also same index created in Splunk Cloud with 90 days of data. After switching the UF's to point to Splunk Cloud, is there a way to run a search in Splunk Cloud that searches...
Hello, how do I modify _time when running a summary index on a scheduled search? Please suggest. I appreciate your help. Thank you. When running summary index on a scheduled search, by default, _...
...ehavior, and if the captain will start distributing input jobs to other members once it is maxed out? I am running this search to see the input jobs: index=_internal sourcetype=dbx_job_metrics c...
Hi all. I have a search that searches a large amount of events. It's run in fast mode, on the statistics page. When I start the search it slowly starts populating the fields, but then at one p...
Hello, Supposing you have a Search Head in Cloud, doing federated searches to other Search Heads on-prem, what is the compression ratio (if any)? I have found this useful information about c...
On all search head cluster members with ver 8.0.2, every day we are observing that CPU utilization grows. After roughly two days the CPU load graph looks like "climbing". After our analysis we f...