- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk DB Connect: If using Output connection to i...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dears,
i would like to install Splunk DB connect v3 but i have questions regarding recommended setup of it in a Heavy Forwarder. In case i am using Output connection to insert in database, how is the Heavy forwarder supposed to be able to search my events in the index layer?
thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You will have to make your Heavy Forwarder a full Search Head by adding your Indexers as Search Peers (or migrate this function to your Search Head).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You will have to make your Heavy Forwarder a full Search Head by adding your Indexers as Search Peers (or migrate this function to your Search Head).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
agree with you but my questions is Guide already informed us to not add DB connect on SH cluster
So why they going for that they adding now extra processing to HF
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
These roles are just names. Make your HF a Search Head, too. Just use the GUI to add the Search Peers and that's it. It is just a name, for the most part. Do not add this stand-alone Search Head to the other SHC and DO NOT let other people login to it to run searches here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for pointing this out.
Should really be documented. This and HEC dependency
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Heavy Forwarder is to run the DB Connect queries and then send (outputs.conf pointing to your Indexer tier) to your Indexers. The Heavy Forwarder does not "search your events" at all; it GENERATES them and stores them on the Indexers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you are talking about Input connection which mean run query into database and send data to indexers
but i am talking about inserting data from splunk to Database through Output connection in DB connect it self
how supposed DB connect will search my events that exist in indexer tier
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
