Install Website Monitoring App in Splunk Cluster

shangshin · ‎02-06-2014

Hi,
I have a Splunk cluster with 2 search indexers and 3 search heads. I would assume this app should be installed on the search head. All the data/ping result generated by this app is stored locally on each search head. The problem is users won't see the same result from each search head.

Is it possible to store the result on the indexers so each search head can have the same view?

Thanks in advance!

martin_mueller · ‎02-06-2014

Without knowing that app in particular inside-out, you can configure any Splunk instance to forward some data to another (set of) Splunk instances. In your case, you'd need to change the input configuration to not index locally but rather to forward to your two indexers. Then the other search heads should see the data as well.

As an alternative, you could add the generating search head to the other search heads as a search peer... but that feels a bit weird, it would mess up the separation of concerns and redundancy of your clustered indexers.

shangshin · ‎02-06-2014

Many thanks for the reply. I agree this is the right approach.

I am looking at the splunk doc for inputs.conf but the instruction is clear.

I would appreciate if you can provide a sample for this in inputs.conf

_TCP_ROUTING = ,,, ...
* Comma-separated list of tcpout group names.
* Using this, you can selectively forward the data to specific indexer(s).

Install Website Monitoring App in Splunk Cluster

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life