Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to show a deployed index in Splunk Web on a search head to add data?

YoungDaniel
Path Finder
‎12-10-2015 04:15 AM

Hi,

We are using a Splunk Enterprise installation that uses the following:
1 search head, also acts as a deployment server and license manager.
1 indexer, with no gui.

I have created a deployment app on the Search head called test-indexes. It contains a /test-indexes/default/indexes.conf
In indexes.conf I have created an index called [test] with the default bucket paths, maxdatasize and maxtotaldatasize attributes.

The index has been deployed on the indexer, and is visible in opt/splunk/var/lib/splunk directory. both in test.dat and test directory.

My issue is that even though the index is deployed, there is no way for me to be able to add data to the index from the search head.
It does not exist in the settings->indexes view in Splunk Web (search head).

How can I resolve this issue?

// Daniel

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎12-10-2015 04:55 AM

You will be able to add data only to local indexes through web , ie; index which are created on search head. To load data to test index on indexer, you have to either use indexer's web or configure forwarder to forward data.

Happy Splunking!

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎12-10-2015 04:55 AM

You will be able to add data only to local indexes through web , ie; index which are created on search head. To load data to test index on indexer, you have to either use indexer's web or configure forwarder to forward data.

Happy Splunking!
Reply
Solved! Jump to solution

YoungDaniel
Path Finder
‎12-10-2015 04:59 AM

Ok, but running the | dbinspect index=test command didn't render any results even though bucket paths are declared. Is that because there is no data in the index?

0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎12-10-2015 05:18 AM

Easiest way to find whether the index is created is ,
Click Settings > Access Controls edit or add a role and check in "Indexes searched by default" section to see if the index is listed.
or
run
|tstats count where index=* and see if your index is listed

Happy Splunking!
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...