Splunk Enterprise

Splunk new index

vemurisurya
Path Finder

Hi,
if some one come and ask me to create a index splunk to indext the data from the new data source.
what happens if created that index from searchhead
and write a stanza to indexs.conf file in masterserver server and push those changes to all other peer nodes (indexers cluster)

Tags (1)
0 Karma
1 Solution

inventsekar
Super Champion

without cluster, i think, we can not create indexes on search heads (thru splunk GUI when we create, it creates on indexer, not on Search Head, i think)

Regarding indexer cluster,

Note: To add a new index to an indexer cluster, you must directly edit indexes.conf. You cannot add an index via Splunk Web or the CLI. For information on how to configure indexes.conf for clusters, see Configure the peer indexes in an indexer cluster. That topic includes an example of creating a new cluster index.
http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Setupmultipleindexes

Important: You cannot use Splunk Web or the CLI to configure index settings on peer nodes. You must edit indexes.conf directly.

Configure the peer indexes in an indexer cluster -
You configure indexes by editing the indexes.conf file. This file determines an indexer's set of indexes, as well as the size and attributes of its buckets. Since all peers in a cluster must use the same set of indexes (except for limited purposes, described later), the indexes.conf file should ordinarily be the same across all peers.

The cluster peers deploy with a peer-specific default indexes.conf file that handles basic cluster needs. If you want to add indexes or change bucket behavior, you edit a new indexes.conf file in a special location on the master and then distribute the file simultaneously to all the peers.

http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Configurethepeerindexes

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.

View solution in original post

inventsekar
Super Champion

without cluster, i think, we can not create indexes on search heads (thru splunk GUI when we create, it creates on indexer, not on Search Head, i think)

Regarding indexer cluster,

Note: To add a new index to an indexer cluster, you must directly edit indexes.conf. You cannot add an index via Splunk Web or the CLI. For information on how to configure indexes.conf for clusters, see Configure the peer indexes in an indexer cluster. That topic includes an example of creating a new cluster index.
http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Setupmultipleindexes

Important: You cannot use Splunk Web or the CLI to configure index settings on peer nodes. You must edit indexes.conf directly.

Configure the peer indexes in an indexer cluster -
You configure indexes by editing the indexes.conf file. This file determines an indexer's set of indexes, as well as the size and attributes of its buckets. Since all peers in a cluster must use the same set of indexes (except for limited purposes, described later), the indexes.conf file should ordinarily be the same across all peers.

The cluster peers deploy with a peer-specific default indexes.conf file that handles basic cluster needs. If you want to add indexes or change bucket behavior, you edit a new indexes.conf file in a special location on the master and then distribute the file simultaneously to all the peers.

http://docs.splunk.com/Documentation/Splunk/6.6.1/Indexer/Configurethepeerindexes

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...