Hello. Here's my situation. I am using the deployment server to push deployments to universal forwarders and would like to create a singledeployment for multiple Apache servers. For reasons I w...
Good morning.
We are (finally) looking to upgrade and add a second indexer in the mix. Our current setup is the following:
Searchhead x 1
Indexer x 1
Deployment Server x 1
We want to do single...
Hi,
I would like to move my alerts and dashboards to another server.
Actually we have a separate search head and Indexer now. We are planning to drop our search head and move all the alerts a...
Hi guys!
How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer?
I need to collect Windows events, firewalls and Cisco routers in an environment with heavy f...
Hi everyone,
I'm trying to use splunk as heavy forwarder to send out only 1 index, but it doesn't work. Could someone please help me? I think there is something wrong in the outputs.conf.
[t...
...ractice, poor judgement, or as intended.
We have 8 main indexers that do what indexers do, all clustered as peer nodes.
The deployment server is the master node and the search head for the cluster (w...
...o have search head and indexer as well with deployment server to capture only internal UF logs for health checkup daily routines. Other logs would be forwarded to other dedicated indexers not in our c...
...nvironment and we don't want any single logs from this xyz server and it is directly sending logs to indexer not to deployment server.
So I create 2 files one is props.conf and other is transforms conf&n...
Hello,
In a test environment, we have a single-host installation of Splunk Enterprise, i.e.
- License Master
- Indexer (single, no cluster)
- Deployment Server
- Search Head (single, no c...