Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cluster question

dolejh76
Communicator
‎03-14-2017 09:00 AM

We have a server in Omaha and a server in Jacksonville.

Currently all items are forwarded to Omaha so when I log into Omaha I can see Omaha and Jacksonville. When I log into Jacksonville I cant see anything.

How do I set it so that in Jacksonville I can see Jacksonville. I don't want to replicate all Omaha indexes to Jacksonville, but I would like to be able to see Jacksonville when logged into Jacksonville.

Thanks
John

Tags (1)
0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎03-14-2017 10:45 PM

Sounds to me like you are not indexing in Jacksonville, you are just forwarding events.

You either need to index and forward events from Jacksonville, or you need setup distributed search from the Jacksonville instance(s).

Read this : https://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/Configuredistributedsearch

What you want to do is add the Omaha indexer as a peer to Jacksonville. Be aware there are some bandwidth and latency issues to be considerate of...

0 Karma
Reply

dolejh76
Communicator
‎03-15-2017 06:03 AM

Ill take a look - thanks

0 Karma
Reply

somesoni2
Revered Legend
‎03-14-2017 09:03 AM

Does your search head has both Omaha and Jacksonville indexers added as Search Peer?

0 Karma
Reply

dolejh76
Communicator
‎03-14-2017 10:41 AM

Logged into Omaha - I see Jax as a Peer, and Omaha as a search head.

0 Karma
Reply

somesoni2
Revered Legend
‎03-14-2017 11:03 AM

What you do see in Jacksonville? Do you see Omaha as Peer?

0 Karma
Reply

dolejh76
Communicator
‎03-14-2017 11:12 AM

If I log into Jax - I just see - Clustering: Peer Node and Jax.

0 Karma
Reply

mrgibbon
Contributor
‎03-14-2017 10:29 PM

Sounds like you need to add Omaha as a search peer on the Jax machine.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...