Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Index Master statistics different between Settings, Indexes and Setting, Index Clustering, Indexes

thormanrd
Path Finder
‎01-14-2020 07:21 AM

I have an index cluster with 24 indexers, and a set of custom indexes that I manage on the index master in $SPLUNK_HOME/etc/master-apps/_cluster/local. When I deploy the configuration bundle the indexes are configured on the indexers and reflected in Index Master Web UI just fine. However, the statistics between the Settings, Indexes and Setting, Index Clustering, Indexes web pages on the Index Master WebUI do not match. Bucket statistics seems reasonable on the Setting, Index Clustering, Indexes tab, but the Settings, Indexes pages continues to show 0 Events and no event dates for my custom indexes. Why?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

thormanrd
Path Finder
‎01-14-2020 10:53 AM

Looks like the Settings, Indexes page has the statistics for the local file system(s) where indexed data is stored on that node. Since my index master is not an indexer, all the statistics are zero meaning there is no local bucket storage on that node. The Settings, Index Clustering, Indexes is the cluster wide metrics for all indexers cumulatively. I discovered this by browsing to all the indexers Settings, Indexes and found the metrics were different per node. All together they added up to Settings, Index Clustering, Indexes.

So, the Settings, Indexes is local. Settings, Index Clustering, Indexes is the sum of all index cluster members.

G2G

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

thormanrd
Path Finder
‎01-14-2020 10:53 AM

Looks like the Settings, Indexes page has the statistics for the local file system(s) where indexed data is stored on that node. Since my index master is not an indexer, all the statistics are zero meaning there is no local bucket storage on that node. The Settings, Index Clustering, Indexes is the cluster wide metrics for all indexers cumulatively. I discovered this by browsing to all the indexers Settings, Indexes and found the metrics were different per node. All together they added up to Settings, Index Clustering, Indexes.

So, the Settings, Indexes is local. Settings, Index Clustering, Indexes is the sum of all index cluster members.

G2G

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...