cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
travislelledeep
Explorer
Member since: ‎09-24-2019
‎01-25-2021
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎09-24-2019
Activity Feed
View All

Re: Best Practice when managing remote Heavy Forwa...

by in Deployment Architecture
‎01-25-2021 11:48 AM
‎01-25-2021 11:48 AM
That makes sense.   Would this be considered a Splunk best practice in this given architecture? There isn't a lot of material out there on the situations where nesting deployment servers would be a requirement, and whether Splunk suggests using its own methods to manage multiple deployment servers (nesting) or if an alternate technology should be used to manage these configurations. ... View more

Best Practice when managing remote Heavy Forwarder...

by in Deployment Architecture
‎01-25-2021 09:20 AM
‎01-25-2021 09:20 AM
What would be considered the Splunk best practice when managing multiple deployment servers in different locations that also act as log collectors, while wanting to keep configurations on each consistent as possible? Would it be a tiered deployment setup, utilizing /opt/splunk/etc/apps/ as the repositoryLocation in the serverclass deployed out to the HF/DS systems and also using this serverclass.conf to deploy out to Universal Forwarders that check into them, and then controlling which apps are enabled/disabled when they're distributed to those DS's on a central, top-tier DS? Or does Splunk recommend that something like Ansible or a similar technology be introduced to do this type of configuration deployment? ... View more

Re: Splunk add-on for AWS: In a generic S3 input, ...

by in Splunk Search
‎09-24-2019 09:27 AM
‎09-24-2019 09:27 AM
Also to clarify - since it doesn't appear I can edit my post - this was setup via the GUI, so ignore the inputs.conf-like formatting of my example, since this wasn't setup in a .conf file, I was just representing what I used for my S3 key prefix. ... View more

Splunk add-on for AWS: In a generic S3 input, can ...

by in Splunk Search
‎09-24-2019 09:06 AM
1 Karma
‎09-24-2019 09:06 AM
1 Karma
Trying to use a key-prefix when setting up a Generic S3 input that utilizes a wildcard in the path, but it doesn't look to be working. S3 key prefix = /AWSLogs/*/vpcflowlogs/ Has anyone had any luck in setting this up before? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-25-2021 04:37 PM
Karma from
View All