Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About xiaoweiwu
xiaoweiwu
New Member
Member since:
05-16-2019
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 05-16-2019 |
Activity Feed
- Posted Re: Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-21-2019 11:06 AM
- Posted Re: Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-20-2019 09:55 AM
- Posted Re: Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-20-2019 09:27 AM
- Posted Re: Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-20-2019 06:04 AM
- Posted Re: Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-20-2019 06:04 AM
- Posted Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-17-2019 07:31 AM
- Tagged Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-17-2019 07:31 AM
- Tagged Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-17-2019 07:31 AM
- Tagged Send data via Splunk REST API to a Heavy Forwarder requires index on the HF? on Getting Data In. 05-17-2019 07:31 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
05-21-2019
11:06 AM
Not to ignore your comments. Why is the event collector is better? Just want to know your view point.
... View more
05-20-2019
09:55 AM
I think i've gone on a tangent. All I wanted to know is for REST API, it's pushing data to this URI.
http://[Splunk IP]:8089/services/receivers/simple?index=myindex&source=sccm.py&sourcetype=web_event
If no index is required on the HF, then it will be sent to the indexer directly.
Is that correct?
... View more
05-20-2019
09:27 AM
ok, I was able to find on the HF at this location for the indexes.conf.
/opt/splunk/etc/apps/search/local
And I've found the index in that indexes.conf file.
[myindex]
coldPath = $SPLUNK_DB/myindex/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/myindex/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/myindex/thaweddb
... View more
05-20-2019
06:04 AM
i do want to mention. I have an index on the HF. I am not sure why it is not in the indexes.conf.
... View more
05-20-2019
06:04 AM
I did look at my HF.
There is no entry in the indexes.conf at this location /opt/splunk/etc/system/default.
Here is outputs.conf in /opt/splunk/etc/system/local
[tcpout]
defaultGroup = default-autolb-group
indexAndForward = 1
[tcpout:default-autolb-group]
server = xx.xx.xx.xx:9997
[tcpout-server://xx.xx.xx.xx:9997]
... View more
05-17-2019
07:31 AM
We have indexer cluster setup. We are trying to use the REST API on the Heavy Forwarder to receive data update. But i am not sure if creating index on the HF is required to make sure indexer gets the data.
I do see an earlier posting is similar to this one. Since it's an old posting, i just want to confirm If using REST API on the HF, while output.conf can point to the indexer/cluster would work, with no index stored on the HF.
https://answers.splunk.com/answers/38176/data-indexed-via-rest-api-then-forwarded-on-to-another-indexer.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev#comment-746203
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
