×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
kfchen
Explorer
Member since: ‎11-27-2023
‎03-04-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 4
Karma Received 1
Member Since ‎11-27-2023
Activity Feed
View All

Re: Disable replication factor for cold buckets on...

by in Deployment Architecture
‎03-03-2025 09:24 PM
1 Karma
‎03-03-2025 09:24 PM
1 Karma
Thanks all for the insightful discussion. Upon further research i realized i am not supposed to let my indexers see the other indexers file as well, so that's one more reason why this idea wont work out.   Cheers ... View more

Disable replication factor for cold buckets only, ...

by in Deployment Architecture
‎03-03-2025 01:16 AM
‎03-03-2025 01:16 AM
So i currently have an indexer cluster, the RF and SF is 2. My hot/warm Db and my cold bucket will be on different storage disks in a cluster which has its own replication features, and i happen to have EC+2:1, meaning the data on my cold storage will be replicated twice.  As a result, i would like to disable replication on my cold storage, but there is currently no way to do that in Splunk(or not that I know of). I am thinking of writing a cron job that deletes all replicated bucket in the cold storage disk. For this to happen, all of the indexers should be referring to a single shared file path in the cold storage. However, this begs the question: Will the search still works as per normal? Lets say the main bucket is on Indexer A  and the replicated copy is in indexer B. But my indexer A is currently under maintenance, would it be possible for lets say, index B, to query the bucket with indexer A's bid? Additionally, will indexer B sense that something is wrong and try to replicate the bucket in warm bucket again? ... View more

Re: Problem to connect with my CISCO ACI - APIC

by in Splunk Enterprise
‎02-20-2024 09:03 PM
‎02-20-2024 09:03 PM
anyone still facing this issue? is there any fix for this ... View more

Re: Restrict Index access

by in Security
‎11-27-2023 01:59 AM
‎11-27-2023 01:59 AM
Hi PickleRick,   thanks for your insights. I am currently using multiple LDAP strategies and it is causing my alot of problems like Anton mentioned with the connection order. We are looking into possibly transition from managing multiple LDAP strategies to "one LDAP strategy, many LDAP group" but that would require alot of man power on our end. Would love to hear your thoughts on managing LDAP strategies vs LDAP groups.  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-04-2025 01:14 AM
Karma from
View All
Karma given to
View All