×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
saschakoerner
Explorer
Member since: ‎10-25-2020
a week ago
Community Statistics
Posts 6
Solutions 0
Karma Given 25
Karma Received 0
Member Since ‎10-25-2020
Activity Feed
View All

Connection between Splunk Enterprise and Splunk Ob...

by in Splunk Enterprise
‎08-15-2023 02:32 AM
‎08-15-2023 02:32 AM
Hi all,  we want to use Splunk Synthetic Transaction Monitoring in Splunk Observability Cloud. So we have an Account and set up some synthetic monitors.  We want to query the results of these synthetical from our Splunk Entprise On-Premise platform. For security reasons there is only a connect allowed from on-prem to Splunk Observability Cloud.  On our Test Search Head I installed the Splunk Synthetic Monitoring Add-On (https://splunkbase.splunk.com/app/5608) and have to configure an access-token for the Observability Cloud.  Which connections do I have to enable in our firewalls ?  Where do I configure the Access in Observability Cloud?    Thanks in advance for any help.    Regards Sascha    ... View more

Re: Data Age / Frozen Age (days)

by in Monitoring Splunk
‎06-08-2023 04:40 AM
‎06-08-2023 04:40 AM
Hi @gcusello ,  thanks for your answer.  we have set frozenTimePeriodInSecs globally in the indexes.conf to 7776000 (=90 days)  At the specific index we have set maxHotSpanSecs to 86400. So when I am reading the link and the documentation in my understanding index is rolling the buckets every day for a max time of 90 days.  The oldest event could only be 91 days old. Do I make a mistake ? splunk btool indexes list --debug "indexname" gives the configured parameters back.  /appl/splunk/etc/slave-apps/bit_all_indexes/local/indexes.conf frozenTimePeriodInSecs = 7776000 /appl/splunk/etc/slave-apps/bit_all_indexes/local/indexes.conf maxHotSpanSecs = 86400 Regards ... View more

Re: Data Age / Frozen Age (days)

by in Monitoring Splunk
‎06-08-2023 01:57 AM
‎06-08-2023 01:57 AM
Hi,  if index is configured with maxHotSpanSecs = 86400 I thought that index buckets will be rolled every day. But in when I check index details: instance I have the following:  Data Age 422 <-> Frozen Age (days): 90 Any ideas on that ? Kind regards ... View more

Reference Architecture for multiple IDX and SH Clu...

by in Deployment Architecture
‎04-27-2023 11:44 AM
‎04-27-2023 11:44 AM
Hi guys,  one question.  We have a midsize Splunk environement. Data which is delivered to be ingested is increasing.  We need an architecture where we can handle our high performance data and on the other hand the normal data.  High performance data: high amount of data which needs to be ingested very fast ingested AND is under heavy search load from a specific known user group.  Are there any sugestions.  An idea is to separate data ingestion into differents streams like this : +--------------------------------------------------------------+ | Loadbalancer (Ingress) | +--------------------------------------------------------------+ | | | +-----------------------+ +-----------------------+ +-----------------------+ | Forwarder Grp 1 / HEC | | Forwarder Grp 2 / HEC | |Forwarder Grp 3 / HEC | +-----------------------+ +-----------------------+ +-----------------------+ | | | +-----------------------+ +-----------------------+ +-----------------------+ | Indexer Cluster 1| | Indexer Cluster 2| | Indexer Cluster 3 | | (High-Performance IDX)| | (Normal IDX) | | High-Performance IDX)| +-----------------------+ +-----------------------+ +-----------------------+ | | | +-----------------------+ +-----------------------+ +-----------------------+ | Search Head Cluster | | Search Head Cluster | | Search Head Cluster | | for Power Users | | for OpenShift | | for Normal Users | +-----------------------+ +-----------------------+ +-----------------------+ | | | +-----------------------+ +-----------------------+ +-----------------------+ | Loadbalancer (SH1) | | Loadbalancer (SH2) | | Loadbalancer (SH3) | +-----------------------+ +-----------------------+ +-----------------------+ is this realisable ? Are there reference architectures with detailed descriptions about the other components and config items.  Best regards from switzerland Sascha  ... View more
Contact Me
Online Status
Offline
Date Last Visited
a week ago