Activity Feed
- Got Karma for How to configure a multisite indexer clustering environment?. 06-05-2020 12:47 AM
- Got Karma for Load balancing & failover between two heavy forwarders. 06-05-2020 12:46 AM
- Posted Re: Why are we getting "Replication factor not met" in our multisite indexer clustering environment? on Deployment Architecture. 06-28-2015 11:46 PM
- Posted Re: Why are we getting "Replication factor not met" in our multisite indexer clustering environment? on Deployment Architecture. 06-27-2015 01:15 AM
- Posted Re: Why are we getting "Replication factor not met" in our multisite indexer clustering environment? on Deployment Architecture. 06-26-2015 06:56 AM
- Posted Why are we getting "Replication factor not met" in our multisite indexer clustering environment? on Deployment Architecture. 06-26-2015 02:38 AM
- Tagged Why are we getting "Replication factor not met" in our multisite indexer clustering environment? on Deployment Architecture. 06-26-2015 02:38 AM
- Posted Re: How to configure a multisite indexer clustering environment? on Deployment Architecture. 06-01-2015 10:03 PM
- Posted How to configure a multisite indexer clustering environment? on Deployment Architecture. 06-01-2015 06:07 AM
- Tagged How to configure a multisite indexer clustering environment? on Deployment Architecture. 06-01-2015 06:07 AM
- Posted Regex for filed extraction on Splunk Search. 02-13-2014 08:12 PM
06-28-2015 11:46 PM
It worked 🙂 🙂
Thanks a lot, dxu_splunk & esix_splunk.
06-27-2015 01:15 AM
Thanks dxu_splunk. Even I also feel that these are the pre-multisite clustering buckets. The replication of the main index does not give any error; however, 4 buckets each of the audit/_internal index are not replicating.
As you responded, we should keep replication factor=2. But in that case, if any disaster happens at site 1 (say site 1 goes down) and all the replicated buckets are residing only at site 1, since there are only two replicated buckets (site replication factor=2), then how can disaster recovery happen?
Your help would be appreciated.
06-26-2015 06:56 AM
Nope, same state.
06-26-2015 02:38 AM
We have configured multisite indexer clustering (2 peers at each of site1/site2 and one search head at site 1) with the below server.conf settings on the master server and indexers.
Master server.conf:

```
[general]
pass4SymmKey = $1$xNRfsRamx/pN
site = site1

[clustering]
available_sites = site1,site2
mode = master
multisite = true
pass4SymmKey = $1$9MxSqh+o6q08TJov
site_search_factor = origin:1,total:2
site_replication_factor = origin:2,total:3
```

.....................................

Indexers server.conf:

```
[general]
site = site1

[replication_port://7778]

[clustering]
master_uri = https://x.x.x.x:8089
mode = slave
pass4SymmKey = whatever
```
We are getting a "Replication factor not met" error on the master server's dashboard and a "Missing enough suitable candidates to create replicated copy in order to meet replication policy. Missing={ site2:1 }" error.
Only 4 audit and 4 _internal index buckets are not replicating. All the rest and the main index buckets are replicating OK. Please help.
06-01-2015 10:03 PM
Hi Mahamed,
Thanks for your response.
For forwarder switching, should we go for auto load balancing then?
What would be the ideal output.conf config of the universal forwarder?
06-01-2015 06:07 AM
1 Karma
Hi Friends,
We have to create a multisite indexer clustering environment where Site 1 & Site 2 will each have 2 indexers, 4 indexers overall. There will be 1 search head overall, with a standby search head. Now I have two questions regarding the same.
While configuring outputs.conf of the universal forwarder, I want the logs of all the servers at site 1 to go only to the site 1 indexers (in HA), and in case both the indexers at site 1 fail, logs should go to the 2 indexers of site 2. What would be the configuration of site? If I use auto load balancing and mention all 4 indexers in "server = indexer1:9997,indexer2:9997,Indexer3:9997,indexer4:9997", this will distribute logs across all of them. How could I use TCP_Routing in this scenario, and what would be the final configuration of the outputs.conf file?
To enable multisite clustering between Site 1 & Site 2, what would be the server.conf file stanzas in the indexers of Site 1 & Site 2?
Thanks in advance.
02-13-2014 08:12 PM
Feb 13 22:01:25 XXXINFQST03 sshd[9161]: Accepted password for admin from
Above is the message I am getting from Linux logs, from which I want to create fields like
Time:Feb 13 22:01:25 & User=admin
Can anyone provide me the regex for this, or any other way?
Help appreciated.
02-06-2014 12:04 AM
Thanks.
Could you confirm on which port the S3 bucket will be connected?
02-03-2014 06:20 PM
Hi,
While integrating Splunk (via the S3 app) with AWS S3, we are getting the below error:
“A connection attempt failed because connected party did not properly respond after a period of time or connected host has failed to respond”.
We are not able to add the bucket info from Splunk Web or from the config file. The environment we have is a cluster environment on Splunk 5.0.5. Is it possible that this is an issue related to port blocking etc.? Our environment is in an AWS VPC.
An early response would be really appreciated.
01-13-2014 11:47 PM
5 Karma
Hi,
My Splunk architecture is like this:
I have two data centers (DC) and one heavy forwarder in each of them. In each DC, all the servers are forwarding the logs to the heavy forwarder of the same DC via universal forwarders.
Both the respective heavy forwarders are sending logs further to the indexers.
Now I have the below query related to heavy forwarder load balancing.
In case of failure of the heavy forwarder of one data center, I want all my universal forwarders to directly start polling the other heavy forwarder.
I am aware that we can put the IP addresses of both the heavy forwarders in the output.conf file of the universal forwarder; however, how does it make sure that the universal forwarder sends logs to the heavy forwarder of its own DC only in case of normal operation? Also, in case of failure of one heavy forwarder, how will it send logs to the second heavy forwarder without making any config change?
12-26-2013 11:00 PM
I think it's released now? Could you confirm, please?
12-26-2013 10:52 PM
Can anyone confirm that ES 3 compatible with Splunk 6.0 has been released for production? The Splunk website shows ES 3 now.
An early response will be appreciated.