...e've well seen the recommandation here, and especially : "When you set up the monitoring console in distributed mode, it creates one search group for each server role, identified cluster, or custom g...
Hi there! We have an environment of a single search head with 14 peers, and it seems like our distributedsearches take much longer than they should. A given search takes around ~15-20 seconds to c...
In my environment, I have two indexers for one Search head.
I think that these commands like "search", "dedup", "transaction" are processed by indexer in distributedsearch.
But are these c...
Hello,
Architecture:
I have a distributed Seach (not in Cluster)
1 Search head and 1 Indexer.
Every logs are stored on the indexer and with the search head user can search ....
P...
Hi all,
I have a simple question:
In a distributed environment (without SH cluster), what happens when I do a distributedsearch?
As I understand the SH opens a connection to the search p...
Hello.
I'm running on RHEL 7 with 6.6.3 and an Indexer cluster (3 peers), and have 2 Search Heads not in a SHC but connected induvidually to the index cluster.
I try to use KV store with a c...
...hen deploying configuration changes. What are the best practices when it comes to deploy a system configuration, e.g. distributedsearch peer's, from the Deployer to all the SH members?
If I u...
Hi,
There are 2 splunk servers( A and B) that have differente data and indexes. I have setup distributedsearch from A to B and B to A.
searches done from A to B: everything is working as e...
Hello,
I am administrating a distributed environment with 1 Search Head and 10 peers. Something special is that communication is established via a satellite therefore the bandwidth is limited.
Search...