About mbertovic

mbertovic · ‎10-12-2017

Hi, Thanks for your reply. I've tested it out with Splunk 7 and unfortunately it is still slow as hell 😞 The problem I see is that this commands is not very noisy in logging and I can't find what "internal" issues this command have in order to work properly ? If there are some timeouts or smth.

mbertovic · ‎10-09-2017

Splunk version : 6.5.5 Splunk ES version: 4.5.1 but also 4.7.1 Is there anything I can do for further investigation ?

mbertovic · ‎09-30-2017

Hey Splunkers, I am running into issues with applying a search head cluster bundle. This bundle has around 200 MB including Splunk Enterprise Security and they run in AWS. When I apply the usual apply shcluster-bundle command, everything works fine, except that it takes ~2 hours to push it ( 3 SH ) SH deployer is running on t2.medium and searchheads on m4.xlarge. CPU is not overwhelmed during the push at all and i have also verified the bandwidth with iperf3 and it is more than allright ( ~500 Mb/s ). There are no searches running at the moment and no data are being indexed. I am just building and testing the infrastructure. I have tailed the splunkd.log during the push on the deployer and also there was no WARN or ERROR regarding that. Do you have any idea what else to test and where could potentially be the root cause ? Thank you for any feedback, Marek

Posts	3
Solutions	0
Karma Given	0
Karma Received	1
Member Since	‎09-11-2017

Online Status	Offline
Date Last Visited	‎06-05-2020 02:03 AM

Splunk search head cluster bundle push is very slo...

Re: Splunk search head cluster bundle push is very...

Re: Splunk search head cluster bundle push is very...

Splunk search head cluster bundle push is very slo...