既存インデックスのクラスタ化について

cipherjake · ‎02-19-2017

SplunkEnterpriseのクラスタ構成はクラスタ化の後に取込んだデータはレプリケーションされますが、既にスタンドアロンで動作しているインデックスデータに対してはレプリケーションされません。
既存のインデックスデータをクラスタ構成に組み込む方法は存在するのでしょうか？

データ(バケツ)の移行など手動で作業することも想定して何か手法をご存じの方がいらっしゃれば教えて頂ければと思います。

Splunkのバージョンは6.4.4です。

以上、宜しくお願い致します。

nickhills · ‎02-20-2017

Google Translate:

In the cluster configuration of Splunk
Enterprise, the data captured after
clustering is replicated, but it is
not replicated to index data already
running standalone. Is there a way to
incorporate existing index data into
the cluster configuration?

I think that you should tell me if you
know something by assuming that you
will manually work such as migrating
data (bucket).

Splunk version is 6.4.4.

Above, thank you.

If I understand the question, you are asking how to move data on a standalone indexer into an existing(?) cluster.

Data indexed on a standalone indexer will be marked as a legacy bucket, and will not be replicated if you enable indexer clustering - only data indexed after the cluster was built benefit from replication.

If you need to move this data from a standalone you are deprovisioning, it would be worth contacting support to see if they can assist.

If my comment helps, please give it a thumbs up!

nickhills · ‎12-19-2017

Hello - If my answer or comments helped you, please accept the answer and upvote. This helps others know that you found a solution, and how it was fixed.

If my comment helps, please give it a thumbs up!

既存インデックスのクラスタ化について

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases