cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rtongue
Observer
Member since: ‎12-05-2022
‎06-12-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-05-2022
View All

Re: How to delete custom dashboard in a shcluster

by in Dashboards & Visualizations
‎01-09-2023 07:54 AM
‎01-09-2023 07:54 AM
I am an admin, and the UI is missing the option to delete, which I thought was by design, guess not.  Also, I cannot find the same dashboard in the master (which is also the deployer). So not sure what to do.  ... View more

How to delete custom dashboard in a shcluster?

by in Dashboards & Visualizations
‎01-09-2023 07:33 AM
‎01-09-2023 07:33 AM
Hi all, I am a very new Splunk admin, and am trying to peel back the onion on the previous admin's shenanigans in this Splunk environment. I have a "dashboard" that was created by a user in the "search" app, and they have requested that I delete the dashboard for them, as they cannot.  What is the proper way to do this? The only mention I can find of it is on all 3 search head peers under the path "/opt/splunk/etc/apps/search/local/data/ui/views/${dashboard_name}.xml" I cannot find it on the cluster master, either in /etc/apps or /etc/shcluster/apps.  Please help me figure out what to do next.  Is it as simple as just removing that xml from all 3 search heads at the same time?  Thanks in advance.  ... View more
Labels

Re: Splunk Cluster Migration to New Hardware

by in Splunk Enterprise
‎12-06-2022 06:11 AM
‎12-06-2022 06:11 AM
Thanks for the link, however I don't feel like it addresses my main concern, and that is the fact that I don't have new storage to utilize in this process and would have to decom a node before installing new.  That seems dangerous.  ... View more

How should I handle Splunk Cluster Migration to Ne...

by in Splunk Enterprise
‎12-05-2022 12:29 PM
‎12-05-2022 12:29 PM
Greetings, everyone. I apologize if this question has been answered before, but I really have a requirement to get a deeper understanding on how to proceed with this. We currently have 2 Splunk Enterprise indexer clusters, one of them is our prod infrastructure spanned across two geo-separated datacenters, with 8 nodes total, 4 in each geo-site. We also have nonprod, which is a very similar setup, but only one physical site, with 4 nodes making up the cluster. We have recently been asked to assist in migrating these clusters to brand new physical servers and have questions on the best way to proceed. First, we have local SSD storage arrays on our current physical hosts (hot tier), and our "colddb" is located on a chunk of SAN storage, connected by Fiber-channel. This is where the wrinkle is. We are not getting new SAN storage for "colddb", so we will not be able to stand these new servers up and add them to the cluster as 9th nodes, let it replicate, then remove the one it replaces, getting us back to 8, repeating for all nodes. Instead, we will have to remove the SAN allocation from the old nodes and attach to the new nodes making this type of migration impossible. My initial assumption is that instead, we will need to decom a node, and replace with a new node, one at a time, as if a node failedAm I correct in this assumption? Is there a better way to handle this, or am I stuck with the current situation? Thanks for your time. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-12-2024 05:38 PM