I have a question about studying multi-site clustering. In a multi-site clustering environment, search heads and peer nodes exist in one site, but only one manager node exists in a specific site. I...
On the topic of managing applications from Splunkbase, I have a few questions. Take the TA-Exchange-Mailbox as an example: Firstly, the installation documentation for this application seems i...
I have a question about managing the buckets in my volumes configured for indexes.
Below are my current configurations:
[volume:hotwarm]
path = /data/splunk/homedb
maxVolumeDataSizeMB = 9...
Hello, we have a data center with several types of equipment such as servers, switches, routers, EDR, some IoT sensors, virtualization, etc. Based on EPS, we need about 10 indexers based on s...
After a Splunk version upgrade (some time ago, I'm sure), there is a new directory on the Index Cluster Master called manager-apps, but the old one called master-apps is still there as well. I k...
How to change the architecture from a single indexer to an indexer cluster with indexer management? I need an overview of what configuration files need to be changed to change the architecture from s...
Hello everyone, I am encountering an issue with the Alert Manager Enterprise application; following the triggering of an alert, no event is created in my dedicated index. The status of the h...
I have a clustered Splunk env with an index="myjavaapp".
I need to collect the logs from multiple environments - Dev/QA/Stress/Pre-Prod/Prod - where each environment has about 2 to 15 servers. T...
My team has duplicate events in our index (~600 GB). We have fixed the duplicate source and need to remove the existing duplicates from the index.
What are the best practices for managing duplicates o...
...6 13:49:16,858 INFO pid="8842" logger="alert_manager" message="Incident status after suppresion check: new" (alert_manager.py:422)
From the below error, is there concern about using index "index...