Hello,
I'm deploying a search head cluster and I have a doubt about the steps described on the following link:
https://docs.splunk.com/Documentation/Splunk/7.2.1/DistSearch/SHCdeploymentoverview
I understand that server.conf file is the file that you can find on /opt/splunk/etc/system/default folder, it's ok?
On this file I can see too the configuration line "disabled=true" but documentation don't specify as necesary modify this flag, it's ok or should I change to false?
Thanks
HI,
you do not want to change server.conf in /opt/splunk/etc/system/default. If you want to change config in server.conf than create a new server.conf in /opt/splunk/etc/system/local and change only the stanzas that are neccessary. Do not copy the whole default/sever.conf content.
Kind Regards
Thanks for your answer.
And what about "dissabled=true"?
just follow the steps in the manual that you liked and you should be fine
Depends where in server.conf this was set, but if it was set in default server.conf could have its right to be there, If the manual it not teling you to change this, then dont.
Did this work for you ?
if it helped please accept the question 🙂