×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ngablern
New Member
Member since: ‎11-25-2020
‎08-25-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-25-2020
View All

Re: Deleting audit events will be logged in the in...

by in Getting Data In
‎08-25-2023 01:31 PM
‎08-25-2023 01:31 PM
Did you ever get an answer on this?  There has to be a way to alert on or audit deletion of logs. ... View more

Can I configure apps to only use specific index cl...

by in Deployment Architecture
‎12-17-2020 11:38 AM
‎12-17-2020 11:38 AM
So I am in somewhat of a fun situation where we have multiple instances of Splunk installed each with their own index clusters and search head clusters.  I know you can configure search heads to search multiple index clusters, but not all my index clusters have the "same" data in a named index (mainly, index=main).  So what I was wondering is if I install all the apps from all of the instances onto the search head cluster that is configured to connect to all index clusters, I can tell those apps to only look to the appropriate index cluster that has the data they want?  I think I could accomplish this with sites maybe if I can tie an app to a site.  But I am not finding either index cluster or site configurations for individual apps.  The point would be to provide a single place to login and be able to see all the splunk data and to eventually retire the now extraneous search head clusters without the apps having to search multiple "main" indexes in clusters that don't have the data they are looking for. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-25-2023 04:56 PM