×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rkilari
Engager
Member since: ‎11-24-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎11-24-2017
View All

Re: Restarting the Splunk after updating input.con...

by in Deployment Architecture
‎12-12-2017 03:37 PM
1 Karma
‎12-12-2017 03:37 PM
1 Karma
Thanks woodcock and sorry for the late response as I was on long vacation. As you mentioned (actually I forgot to mention that in my question), the logs are coming through syslog. I did the config in syslog and restarted the Syslog server and it worked. Much appreciated. Thanks, ramesh ... View more

Restarting the Splunk after updating input.conf

by in Deployment Architecture
‎11-24-2017 08:18 AM
‎11-24-2017 08:18 AM
Hi, I am new to Splunk and I need your guidance. We have Splunk landscape with deployment server, cluster master, 3 indexers and 2 searchheads. Recently we are getting unclassified data into syslog index and as per the requirement they should go to different index. After looking into splunk help, I have updated input.conf in deployment server with the new hosts with the index that are sending data. I need your help on what other steps are required to do this set up and restarting the splunk. One of colleagues suggested to apply bundle(?) to peers and I don't know what does it mean. Do I need to do anything in cluster master? Once done, how and where to do Splunk restart? Please help me with this. Thanks, Ramesh ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All