Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you search for all data on one index server in a cluster?

broberg
Communicator
‎01-21-2019 04:29 AM

We got a large Splunk distributed environment and for troubleshooting i want to search for all data in only one index server and not on the cluster.

I don't want the search or a search request to go to any of there other index servers.

Is this possible?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dkeck
Influencer
‎01-21-2019 06:29 AM

Hi,

just add a splunk_server=your indexer name

e.g. index=_internal splunk_server=your indexer name

to your search

View solution in original post

Reply
Solved! Jump to solution
Solution

dkeck
Influencer
‎01-21-2019 06:29 AM

Hi,

just add a splunk_server=your indexer name

e.g. index=_internal splunk_server=your indexer name

to your search

Reply
Solved! Jump to solution

dkeck
Influencer
‎01-21-2019 10:33 PM

Any luck with that?

If it helped please accept the answer 🙂 Thank you

0 Karma
Reply
Solved! Jump to solution

broberg
Communicator
‎01-22-2019 02:11 AM

Hi, yes that actually worked. I thought it would send the search to all index servers but it actually did not. Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...