Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SH cluster, can't delete objects

verbal_666
Builder
‎03-15-2017 01:34 AM

We recently turned a single SH into a 3 SHs Cluster.

Now we cannot manager some object, since we have not the "move" or "delete" actions...

Example, in savedsearch.config, we have many alerts (66), many of them, with same permission, managed by Admin, have not the "move" and "delete" icon in Actions, others have them in Web UI.

Splunk 6.4.3 build b03109c2bad4

Bug? Need an update? Is there a fix?

Thanks.

Tags (1)
0 Karma
Reply

skalliger
Motivator
‎07-19-2017 04:35 AM

It's not a problem of the cluster, but of your config location. Your files are stored under default, am I correct?
You can only delete or move objects via the GUI when they're stored under local.

Skalli

0 Karma
Reply

verbal_666
Builder
‎07-19-2017 08:59 AM

Need to verify it. Tomorrow i'll do. Maybe it's so! Tomorrow i'll verify and try a move of the objects with splunkd down. Thanks for now.

0 Karma
Reply

skalliger
Motivator
‎07-20-2017 04:15 AM

You're welcome. I hope that was the problem, keep us updated.

0 Karma
Reply

verbal_666
Builder
‎07-20-2017 10:04 AM

Had not time today to test. Also is a shared Environment, i can't shutdown processes as i want whenever i want 😉 i'll test it asap... the only thing i can say just now: we have surely many .conf divided in both default & local path; so i'll need also to merge them 😞 a big work... see asap... thanks

0 Karma
Reply

koshyk
Super Champion
‎03-15-2017 04:01 AM

it is not that simple to change a non-cluster SH to a cluster SH. Did you setup a deployer?
What i would do is to backup your configs, clean up all SH cluster members from scratch, set-it up and deploy from deployer using the backedup code.

0 Karma
Reply

verbal_666
Builder
‎03-23-2017 04:49 AM

I came now, with a "little" delay, in front of difference between Deployment & Deployer!!! 😐 😐 😐

So, we have a Deployment to distribuite apps to Forwarders. This is not the point.

And, YES, we have a Deployer to distribute apps to SHs, but still not working. So, the fact is here. Next step is to make the Deployer working.

Thanks. And sorry for the misunderstanding 🙂

0 Karma
Reply

verbal_666
Builder
‎03-15-2017 05:11 AM

Yes. We have 1 DS inside and 2 Indexers.

So, there no "easy fix"? I really didn't want just to backup all .conf, maybe join them, and redistribute 😞

But if it's the only solution... we approach the problem so...

Thanks.

0 Karma
Reply

verbal_666
Builder
‎03-15-2017 03:14 AM

Here's the Web UI example, to see...

alt text

Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...