×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
anglewwb35
Explorer
Member since: ‎06-27-2024
‎04-01-2025
Community Statistics
Posts 8
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎06-27-2024
Activity Feed
View All

Re: Removing deployer from one of the search head ...

by SplunkTrust in Splunk Enterprise
‎02-28-2025 06:19 AM
‎02-28-2025 06:19 AM
This should works if and only if you are managing those saved searches on SHC's GUI not via deployer. Of course you must install those apps 1st with deployer and it installs those on both SHC: You must also understand that those both SHC:s probably use same indexers and then indexers can actually be your bottleneck not SHCs? ... View more

Re: Using the same machine for deployment server a...

by SplunkTrust in Deployment Architecture
‎02-13-2025 01:44 AM
‎02-13-2025 01:44 AM
One more comment which is mandatory to know. You cannot manage DS itself with DS functionality! Don't even try it!!! For that reason it's good to use dedicated DS server if/when you have several clients to manage. DS can be a physical or virtual server. It's no mater if there are enough resources for it. Currently you can even make pool of DSs as working like one. If you are Splunk Cloud customer you can order dedicated DS license from Support by creating a service ticket. I have never try if I can do this also as Splunk Enterprise customer too? After 9.2 there are some new configuration options what you must to do in DS especially if/when you are forwarding it's log to centralized indexers. ... View more

Re: Deploying deployer to two search head cluster

by SplunkTrust in Splunk Enterprise
‎01-28-2025 11:56 AM
‎01-28-2025 11:56 AM
Do you have at least 6 nodes (3+3) for those two SHCs? If yes, then you should do bootstraps 1st e.g for first three nodes and selecting one of those and captain. Then do same for last three nodes and select one of those to be a captain. There are clear instructions how to do it for one SHC in docs.splunk.com But why you are needing two SHC with only one deployer? Have you tens of members on both SHC or what is your business reason for that configuration? ... View more

Re: Risk items identified with mongodb with kvstor...

by SplunkTrust in Splunk Enterprise
‎01-22-2025 11:08 PM
‎01-22-2025 11:08 PM
1. As @VatsalJagani already pointed out - mongodb is an integral part of Splunk distribution and Splunk relies on it to work properly. Therefore changing its configuration is not recommended and you're very likely to cause problems if you're changing things without deep understanding of their impact for the whole environment. 2. Baseline checks, vulnerability scans and such are just tools to help you assess the state of the system, not do the job for you. They alone are not sufficient grounds for telling you what is OK and what is not. Running them blindly and following their "recommendations" without understanding the results of performed tests and their context is not a good practice. ... View more

Re: (Beginner) Splunk with Sentinelone

by in All Apps and Add-ons
‎11-22-2024 01:01 PM
‎11-22-2024 01:01 PM
they are probably talking about this   https://www.sentinelone.com/partners/featured-partner-splunk , but it that resource and what it links to haven't answered my questions about getting the SentinelOne Splunk app working    ... View more

Re: sentinelone app no longer able to connect to s...

by in All Apps and Add-ons
‎07-10-2024 11:58 AM
‎07-10-2024 11:58 AM
Thanks @Dallastek1  Did you use just this app in Cloud or also another app (IA, TA add-ons) on Heavy Forwarder?   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-01-2025 06:13 AM
Karma from
View All