How to configure the Qualys App for Splunk Enterprise for Kb lookup file in a...
Had a few questions regarding this app, can anyone please help? 1. In a distributed envt, I have installed this app on the forwarder. The index exists on the indexer and I'm able to see the data in the...
Where to install apps in a distributed environment?
We have a distributed environment of one search head, one indexer and one deployment server + license master. I'm working on resolving CPU utilization issues right now related to too many scheduled...
Where do we install Splunk Apps (ex: Palo Alto Networks App for Splunk) in a...
In our Splunk environment we have two data centers with one indexer each and one heavy forwarder each, and then we have one distributed search head. My lab environment is my home where I install and...
Can other users verify if this is the proper procedure to update TAs in a...
I would appreciate if the following procedure could be verified. I am planning to do the following when updating TAs: 1. Make a backup copy of the TA folder (Splunk_TA_cisco-asa for example) located in...
Why are reachable and searchable indexers not showing indexed data when...
Hi, In a distributed mode with 1 search head and 4 indexers, when making a search through the search head, 2 of the 4 indexers are not showing indexed data except internal logs of other Splunk...
How many resources do I commit to a master node in distributed multisite...
I am in the process of setting up a distributed clustered deployment that spans 3 different sites. The deployment will live on virtual environment using VMware vSphere. I have determined the resource...
How to sync apps and configurations without a deployment server in my...
Hi! I have 4 Splunk servers (one per each geographical location), each with combined Indexer and Search Head roles (yes, I know that it's not good, but I'm limited with number of servers), and each...
Why am I getting "Error while sending public key to search peer: Connection...
I have a Splunk Server on Ubuntu and a Splunkforwarder on Ubuntu too. I want to add splunkforwarder to distributed search on Splunk server, but when I try to add it, the error below is generated:...
How do I configure the Blueliv app to work with bundle installations in a...
Hi, We run a distributed Splunk platform where the search heads have a bundle location for apps. It seems that this app does not support this configuration and the app location is hard coded into the...
How to delete indexes in an indexer clustering environment?
Hi, I need to delete some indexes that I created when testing our new distributed Splunk deployment. Is it as easy as: 1. Remove the indexes I want to delete from the...
How to implement a test environment for our distributed search deployment?
Hello splunkers, We are planning to implement test environment for our distributed environment. Can anyone provide me a clear documentation to follow? Regards.
How to copy configurations from the search head, heavy forwarder, and indexer...
I have a distributed `6.2.3` setup with a single `Search head`, an `Indexer cluster` and a single `Heavy Forwarder`. This environment is pretty "dirty" (it's in a lab for testing so it gets abused) so...
How to set up Splunk to monitor logs and configure distributed search across...
We have four AWS accounts to host different development environments: Dev -> Tst -> Stg -> Prod Requirements: We want to set up Splunk to index/monitor logs across all accounts and provide a...
How to install the Splunk App for Check Point and Splunk Add-on for Check...
Hi Experts, We are looking to use the Splunk app for Check Point. Installation steps are confusing on Splunk's point of view. Our Splunk setup is distributed search with 2 search heads and 2 indexers....
Multisite Distributed Search: Why am I getting search head error "Encountered...
Hi, In a multisite distributed search environment with 1 search head and 4 indexers, it seems that the Search Head has difficulties to retrieve answers from the different indexers. Found this error in...
On what instances do I install the RFC5424 Syslog add-on in a distributed...
I've been spinning my wheels for the past couple days trying to figure this out... I've read documentation and checked out Splunk Answers and things that should be working don't seem to be working. I...
How to install the Cisco Networks App and Add-on in a distributed search...
We are deploying a distributed Splunk instance. I install the TA-cisco_ios in my Indexers. Is there any other place it needs to be added? Have 1 Search Head, 2 Indexers and 2 Syslog collectors. The syslog...
Are performance improvements by splitting a single Splunk instance into one...
Currently, I have a combined instance where the search head and indexer are sitting on the same box. The documentation does indicate that performance improvements will be made by splitting that...
Why do I often see error "Asynchronous bundle replication to 2 peer(s)...
I see these bundle replication errors very often. Is there a solution or workaround? 02-15-2016 22:56:38.636 -0800 ERROR DistributedBundleReplicationManager - Unexpected problem while uploading bundle:...
How to integrate a multisite indexer cluster with remote standalone Splunk...
Dear Splunkers, We have a multisite Indexer Cluster in our datacenter and some remote locations with local standalone Splunk installations. Now we want to connect our search heads of the datacenters to...