I am trying to setup HEC for my indexer cluster (v8.0.7), with 2 indexers (and 3 search heads) managed by a master node. I read multiple docs and articles already, but I want to make sure I get s...
...a new multisite indexing cluster (I've done this before during a professional services engagement), and following Splunk docs very closely on setting up clusters and multisite clusters. I've fully r...
...er instance at 3500 IOPS per mount
I am trying to setup the serverclass.conf file to manage the instances on the indexers separately because the mount points for the indexes are different based on t...
Hi! I'm trying to setup a dashboard for users to be able to see how much raw data size they used over time and have users be able to select multipleindexes. (Note here: I do have most of my indexes...
Hi everyone,
i am new to splunk and i am setting it up in our staging and production envs, i would like to know how i could manage this situation
We have something like 30 partners each of t...
...hould I split the storage up evenly by creating indexa and indexb on both servers, and set a max size of 375 GB on each (750GB/2)? Are there any caveats as we add more indexes or more search nodes? D...
I inherited a splunk mesh of search-heads, deployment server, index cluster, etc. I am trying to figure out all this splunk stuff, but ran into an issue that I am not sure if it ignores best p...
Currently in Splunk we have it setup in indexes.conf to explicitly request that "cartlog" (a specific index) go to its own db:
/opt/splunk/etc/apps/webintelligence/local/indexes.conf
[c...
...here is a global setting to roll the buckets from warm to cold and cold to frozen, when the hot/warm and cold db are on the same volume with multipleindexes. There are the per-indexsettings of h...
...plunk Enterprise 9.0.2 and:
- on each Indexer the disk reach 150K IOPS
- we already performed this set-up that improved the effect, but hasn't solved it:
indexes.conf
[default]
m...