Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Initial Splunk setup.

email2vamsi
Explorer
‎03-28-2016 03:22 AM

I have integrated Search Head cluster with Indexer Cluster. I have the following two requirements now:
1. I want to send data into Search peers from forwarders and search that data from Search Members.
For this i have added a receiving port on the search peers and also ran the command "./splunk add forward-server indexer1:9997 -method autobalance" for all the peers. Still i do not see the data coming in. I am not sure where to validate the data is really coming into the system.
2. To have a dedicated deployment server by running command "./splunk set deploy-poll deploymentserver.splunk.mycompany.com:8089"

Tags (1)
0 Karma
Reply

koshyk
Super Champion
‎03-28-2016 08:56 AM

Clustering in Splunk is a whole different beast from standalone.
What I would do is go in baby steps and then horizontally expand
1. Install just a standalone splunk
2. Install deployment Server alongside this standalone splunk
3. Now make existing standalone splunk into a Search Head and add a new Indexer
4. and so on...

Also how I've done is to write apps for every thing. (eg. myapp_enable_sh_only : So the systems which receive this app, will be a search head only. Once you design it properly, Splunk works amazingly perfect)

0 Karma
Reply

gfuente
Motivator
‎03-28-2016 07:03 AM

Hello

A Search Head Cluster needs at least 3 Search Heads. In addtition to this, you need to enable receiving (9997) in the indexers, and configure the outputs accordingly in the rest of instances

regards

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...