Hello Splunkers! I am very exited about the new federatedsearch feature starting the Splunk 8.2 version! I got it to run with a onPrem development machine and a regular index - works as desired a...
...ontains historical data. There is also same index created in Splunk Cloud with 90 days of data. After switching the UF's to point to Splunk Cloud, is there a way to run a search in Splunk Cloud that searches...
Hi Team, I have created a federated provider and test connection successful . what will be our next steps ? is federated index mandatory to create ? if yes all the indexes across SHs should be created ?'
Regarding Federatedsearch:
Is the only authentication option username and password? We use SSO on the remote search head (LDAP/Reverse Proxy) which would be preferable.
Why do you need to e...
...luster- set to run scheduled searches as the other 10 members as adhoc only. The Captain takes into consideration number of members in the cluster who can run scheduled searches?
((24*3)+6 ).85 2 = 132
I...
Hello, Supposing you have a Search Head in Cloud, doing FederatedSearches to other Search Heads on-prem, which is the compression ratio (if any)? I have found those useful information about c...
I have a distributed Splunk environment, meaning a SHC and IDX cluster connected via distributed search as outlined in the Splunk docs. I have a Splunk Cloud free trial, and was wanting to try out federated...
Hello I want to ask a question about subsearch. When submitting a fed command without using it, an error message occurs as follows.
Before setting federatedsearch ] index=fw | join s...