How to configure IMAP Mailbox in a distributed environment?
I am new to Splunk and need to configure emails coming from different mailboxes into Splunk. I have downloaded the IMAP Mailbox app from the deployment server UI. I need to figure where and what...
How to generate storage and license usage reporting in a distributed Splunk...
I have a License Master configured with 10 slaves (about 5 Indexers and 5 forwarders). Indexer1 - testindex1, testindex2, testindex3 Indexer2 - testindex4, testindex1, testindex5 Indexer3 - testindex1,...
Are there set guidelines for Splunk search best practices, and are there any...
I am not sure exactly how to ask this question, so I will try to just dive right in. Background: I work for a company that has a lot of environments for different customers. The hosts in these...
Help with distributed search and multi-site index clustering
Hi, I've set up a dev env with 3 sites. I also have a SHC configured, and need to set up distributed search, so the SH reads from the IDX. Looking at this page -...
Indexer not searchable by Search head
I'm having a problem where I have 5 indexers and 1 search head. All 5 show up in the search peers under distributed search. I've verified through the metrics.log that the indexer is receiving data....
Why is one transform overriding the other with my current configuration?
Hey there, I have the following in my props.conf file: [tomcat-appl] TRANSFORMS-set = createsource, instance This takes a monitored folder I have (with a dozen or log files) all set to the sourcetype...
How to disable a search peer via the CLI or REST API call?
Hi Splunkers, Is there a way to disable a search peer via the CLI or an API call? Specifically, I would like to set this param via CLI or REST API, and without having to restart splunk: #...
No _internal results from distributed search head
As a pretty new user, I recently installed the Universal Forwarder on a Linux server, created a file input, and forwarded to an indexer. This was working fine. Then as a result of a support case, I had...
Are these the correct steps to upgrade all instances in my distributed search...
Hi All, I have a distributed environment with a deployment server, search head, and multiple indexers. I have to perform a Splunk upgrade from 6.2 to 6.3. I believe the following steps will be good....
Why are we getting "Status 502 while sending public key to search peer No...
Steps we followed: 1) Both the hosts (peer) are in the same network 2) Disabled antivirus, firewall on peer system and local system 3) Ping peer system - successful 4) Then provided IP:port, peer...
How to set up Splunk to monitor logs and configure distributed search across...
We have four AWS accounts to host different development environments: Dev -> Tst -> Stg -> Prod Requirements: We want to set up Splunk to index/monitor logs across all accounts and provide a...
How to install the Splunk App for Check Point and Splunk Add-on for Check...
Hi Experts, We are looking to use the Splunk app for Check Point. Installation steps are confusing on Splunk's point of view. Our Splunk setup is distributed search with 2 search heads and 2 indexers....
Multisite Distributed Search: Why am I getting search head error "Encountered...
Hi, In a multisite distributed search environment with 1 search head and 4 indexers, it seems that the Search Head has difficulties to retrieve answers from the different indexers. Found this error in...
Accelerated searches broken after SH flip between primary and secondary
In a non clustered SH environment of ours we had to flip between our primary and secondary SHs so we'll do a HW replacement These were the steps I took - stop both SHs - tar czvf...
In the upcoming Dynatrace Application Performance Management, what should we...
Hello ! My customer has recently made the choice to contract with Dynatrace APM. I am very satisfied with that decision as Dynatrace provides a Splunk application that easily makes the link between our...
How to distribute Distributed Search configuration using a deployer for a...
Hi, We recently set up a SH Cluster which includes 3 members and one deployer. Basic replication seems to be working fine (tested by creating a dashboard on one member), but running into issues when...
Splunk Add-on for Infoblox: Why are sourcetype transformations not working...
We recently moved from a single indexer/search head to a distributed environment. I have a couple of apps/TA's that have sourcetype transforms, one being Splunk Add-on for Infoblox. This TA stopped...
How can I set up the "Log Event" alert action in a distributed environment?
Hello, I am trying to use the new alert action "Log event" in a distributed environment (Search Head 6.4.0 & Indexers 6.2.2). Unfortunately, it doesn't work properly. For the test, I set the "main"...
How to share and manage searches across Splunk instances?
We have multiple Splunk instances (webui & indexer) that we manage. They're currently kept isolated by design. However, we're trying to figure out the best way to share searches and distribute...
If we currently have 5 heavy forwarders sending logs to a single indexer, how...
Dear Experts, We have a Distributed environment using around 5 heavy forwarders across various locations sending logs to a central indexer. Now we have a requirement to forward the raw logs to another...