×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
vj_hawk21
Explorer
Member since: ‎08-16-2020
‎10-29-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎08-16-2020
Activity Feed
View All

Re: Splunk Installation

by SplunkTrust in Splunk Enterprise
‎10-19-2020 03:33 AM
1 Karma
‎10-19-2020 03:33 AM
1 Karma
https://docs.splunk.com/Documentation/Splunk/8.0.6/Indexer/Clusterdeploymentoverview https://docs.splunk.com/Documentation/Splunk/8.0.6/DistSearch/SHCdeploymentoverview ... View more

Re: Download raw Splunk logs via api

by in Splunk Enterprise
‎10-16-2020 12:24 AM
‎10-16-2020 12:24 AM
Hi @vj_hawk21 , When you created the Job, the sid was in the response. <sid>1258421375.19</sid> Also, you can get a list of your searches with curl -u admin:changeme -k https://localhost:8089/services/search/jobs/   BR Ralph ... View more

Re: Deployment server

by SplunkTrust in Deployment Architecture
‎08-19-2020 01:53 AM
3 Karma
‎08-19-2020 01:53 AM
3 Karma
@ @vj_hawk21, No settings on Indexers, follow the instructions at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver in few words: Install a Splunk server that forwarders its logs to indexers, create the TA_Forwarders containing outputs.conf and deploymentclient.conf; install Universal Forwarder on one or more target servers; copy the TA_Forwarders on the target servers at $SPLUNK_HOME/etc/apps; restart Splunk on the target server. at this point you should see the new clients on the DS. now, on DS: copy the TA_Forwarders and all the apps to deploy on it at $SPLUNK_HOME/etc/deployment-apps; on web gui create a ServerClass associating the target servers with the apps to deploy; TA_Forwarders, must be in all ServerClasses you create, or you can create a dedicated ServerClass containing all the target servers; remember to flag restart afte updated in all the apps. Now you should have your Deployment Server Up and running. For your knoledge, a TA must have the same folder structure of other apps: bin, default, local, metadata. The files in TA_Forwarders must be three and must be in local or in default: apps.conf (containing infos about the TA) see below, outputs.conf (to address indexes), see below, deploymentclient.conf (to address Deployment Server), see below. Apps.conf: # # Splunk app configuration file # [install] is_configured = 0 [ui] is_visible = 1 label = TA_Forwarders [launcher] author = Giuseppe Cusello description = technocal Add-On to address all the clients version = 1.0.0 Outputs.conf (if you have Indexer Discovery enabled on Indexers' Cluster): [indexer_discovery:<name>] pass4SymmKey = <string> master_uri = <uri> [tcpout:<target_group>] indexerDiscovery = <name> [tcpout] defaultGroup = <target_group> Outputs.conf (if you haven't Indexer Discovery enabled on Indexers' Cluster): [tcpout] defaultGroup = default-autolb-group [tcpout-server://xx.xx.xx.xx:9997] [tcpout-server://yy.yy.yy.yy:9997] [tcpout:default-autolb-group] server = xx.xx.xx.xx:9997,yy.yy.yy.yy:9997 disabled=false deploymentclient.conf: [deployment-client] [target-broker:deploymentServer] targetUri= zz.zz.zz.zz:8089 Don't follow my notes, see the documentation on the top!  Ciao, Giuseppe ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-29-2020 01:34 PM
Karma given to
View All