Solved: Re: Installing a TA in a Splunk Cluster

agodoy · ‎08-06-2013

I have the SoS TA and *nix TA installed on my search peers. I have also enabled the inputs and deployed the bundle via cluster master (5.0.4 permission issue is now gone). However, I do not see any data from my search peers.

Do I also need to configure outputs.conf so that the search peers send that to the themselves?

Am I missing something else?

Thanks

agodoy · ‎08-06-2013

I found the problem. Documentation.

I was putting the TA directories in $SPLUNK_HOME/etc/master-apps/_cluster, but they need to be in $SPLUNK_HOME/etc/master-apps .

View solution in original post

agodoy · ‎08-06-2013

I found the problem. Documentation.

I was putting the TA directories in $SPLUNK_HOME/etc/master-apps/_cluster, but they need to be in $SPLUNK_HOME/etc/master-apps .

agodoy · ‎08-06-2013

Nothing from ExecProcessor at all.

sowings · ‎08-06-2013

Do you see log events from ExecProcessor indicating a permissions failure, or perhaps some other error condition?

It sounds like the steps you've taken are correct.

Installing a TA in a Splunk Cluster

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio