All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search Activity App - Plans to migrate to DM and SHC support ?

theunf
Communicator
‎06-07-2015 02:49 AM

Liked you app but cannot use on my SHC environments.

Do you plan to move to DM with acceleration ?
When we´ll have SHC support ?

Reply

David
Splunk Employee
Splunk Employee
‎06-07-2015 02:29 PM

Unfortunately, because the app relies on a search to populate TSIDX rather than raw events, it isn't a good candidate for data models. (Would that it were!)

My general recommendation would be to install it on your DMC (Distributed Management Console) server. The DMC also needs to be installed on a box outside of the cluster, and fulfills similar roles. You should be forwarding logs from your SHC members to the indexers, so you can install it wherever you want. The large beta customer for the app has something like 12 different search heads across the organization. By installing this app on one server, they can get visibility across all their search heads. A Splunk-internal installation of the app pulls in data from something like 30 or 40 search heads, at which point some of the graphs become a little silly, but overall the system works well!

Does that sound viable for your environment? There are certainly approaches you could take to deploy the app on a SHC member (without benefiting from the HA of SHC), but for most customers it makes more sense to leverage the forwarding of logs and install on an admin box.

0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎11-10-2015 09:40 PM

I've had a few new requests to support a SHC installation. If you feel that you need this in order to be successful, please let me know!

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...