Hi @richgalloway Thanks I will do so , but I was just wondering if there is any such link where the major version upgrade is explained , I am not sure if there is any and above answer seems still valid in my environment. Do you have any suggestion there? ... View more

@kgrigsby_splunk Many thanks for this detailed answer , But I just want to ask q question regards to the people who are upgrading a major version like from 6.6 to 7.0.x build , we have a similar requirement and we are also running in multisite configuration where we just have 1 Cluster Master , 2 search heads [ 1 for each site] and 4 indexers [ 2 for each site with indexer cluster]. If I go by above process I can just upgrade master and search head and search peers for site 1 and then the same for site 2 . The only confusion I am running into is that would it be ok for me to keep the indexer cluster & Mater shutoff completely during the upgrade, what is the implication of me upgrading directly from 6.6 to 7.0.3 version. Thanks ... View more

This is the splunk issue in 7.2 it seems , we have had the same issue where we are seeing tons of log saying ERROR HttpInputDataHandler - Parsing error : Error in handling indexed fields , we are using the same token across our nodes and splunk 6.6 version works fine with the same set of jsons we are sending but the once we tried the same requests using HEC in splunk 7.2 , we have started to see these issues. Can somebody please let us know if they had seen any changes from 6.6 to 7.2 for Http event collector feeding data differently now. Thanks ... View more

Did anyone got any resolution to this , seeing the same , can confirm the network is fine and quite open inside the entire cluster , appreciate the help ! ... View more

Hello @swilsonGresham I just came across the question when I was looking for the very similar information. As of right now I have designed my splunk in AWS to just use EBS with regular IOPS , I expect around 50 GB/day data , I just thought to use EFS only today but I wanted to see how the community and people's experience was there as @dwaddle pointed out NFS v4 which provides the good ssd with little low IOPS level performance , I am not sure what would my splunk do , so if you have used EFS and would like to share the thoughts It would be awesome. Thanks much ... View more

you are getting this because you are running the right command on the wrong node. deployer just pushes the app on search head nodes , SHC master is one of the search head node, so try to run the command from one of the search head node and it would show up the cluster info if SHC is configured correctly. Thanks ... View more

I am having the same issue , the only thing is I am not even able to see a successful splunkweb page at all. I have configured my environment using the ALB and 3 search heads behind it. so User browser(https) ---> ALB listens on 443 ---> Forward to Target Group which has protocol for HTTPS and Port 8000 for backend servers. all search heads are configured to use https but it just gives me 502 Bad Gateway all the time. I enabled the access logs to ALB and here's what I get. h2 2018-03-19T17:34:59.318960Z app/Splunk-SearchHead-ELB/d24e3730216c0f34 37.228.224.60:34058 10.11.2.83:8000 -1 -1 -1 502 - 95 208 "GET https://splunk-searchhead-elb-985980458.us-east-1.elb.amazonaws.com:443/en-US/static/@01A10D5DE1BF7BB95F1ADCF638B8180565AB351FBE677370AB336766218C13C9/build/pages/enterprise/common.js HTTP/2.0" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:542993520366:targetgroup/SHTargetGroup/4afe5809d39a7bac "Root=1-5aaff4c3-87775f57ad096cf7cad703d8" "splunk-searchhead-elb-985980458.us-east-1.elb.amazonaws.com" ... View more

Hello , Just asking if there was any fix available to do this properly ? I am trying to establish exactly the same functionality and it just doesn't work with any AWS Load Balancer (ALB or ELB). User Browser using HTTPs on 443 --> Hits Load Balancer --->Forward the traffic to backend nodes on HTTP port 8000 . Note I have got no issues if I just remove the SSL and simply use HTTP it just works well. I wold appreciate something to work in 2018 for this solution? ... View more

I am sorry but this is not the right solution and It doesn't work, I exactly tried the same and at the load balancer it just doesn't reach to the instance at all , Although https on port 8000 listens at the instance as I could reach to web UI using that. But when you configure the Elastic Load Balancer to use SSL and Instance protocol to use HTTPS and port 8000 it just doesn't go beyond the ELB and times out after some time. ... View more