Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
281 results
Sort by:
11-20-2018
10:16 AM
1 Karma
...now how I could accomplish this? Your help is much appreciated.
Note: our Splunk instance has a heavy forwarder (where the file is) that is set to send data to our 2 indexers up in the AWS cloud. T...
11-07-2023
05:10 AM
...hen trying to activate in distributed mode : "Do not configure the DMC in distributed mode if this is a production search head. Doing so can change the behavior of all searches on this instance. This i...
Labels
- Labels:
-
monitoring console
06-28-2022
01:26 AM
Hello, We are in indexer cluster,2indexer,1clustermaster,deployment server & License master,2 HEC and 1 search head. I have created tokens in one of my HEC instance and i can able to see logs a...
08-16-2017
11:24 AM
Hi All,
Currently I have a single instance which acts as indexers as well as search head. But i am planning to include another instance and make it as indexers and use the existing machine as search...
09-29-2017
11:22 AM
When using a stand alone search head, we made configuration changes in etc/system/local/ e.g. outputs.conf, limits.conf, etc
I've converted this standalone instance to a search head cluster, b...
07-07-2021
08:57 AM
I have a Splunk Enterprise instance with a 1GB license set up to aggregate logs in a small Windows AD environment (Server 2016 DC, CentOS file server, and < 10 Win10 workstations). I currently h...
Labels
- Labels:
-
administration
01-16-2019
07:39 PM
I am migrating from a stand-alone Splunk instance to a Splunk cluster (w/ search-head-cluster + indexer-cluster) and I am hitting this problem.
On my search heads, I have these settings
/opt/s...
06-21-2024
06:55 AM
I have the following setup with Indexer Discovery + Indexer Cluster + Search Head Cluster: - Deployment Server - 3 X Indexer + Cluster Manager (Indexer Cluster) - Search Head Deployer + Search Head...
Labels
- Labels:
-
indexer
-
monitor
-
universal forwarder
-
Windows
12-28-2017
07:14 AM
...nstalled on both SH, it works locally on both, but my KV store instance seems locally even though I have set 'replicate = true' in my Collection stanza and 'replication_host = FQDN' in server.conf.
R...
07-17-2017
07:33 AM
3 Karma
...Cluster(s)" column in the MC Setup never shows the label. As such, I get the warning that "This instance is a search head deployer without a search head cluster label. We recommend you edit this instance...
