Why are ad-hoc jobs not expiring in a Splunk 6.2.6 search head cluster?
We've recently moved our production search heads to a search head cluster, since last week (6.2.6?) I have noticed that any ad-hoc jobs (via REST API or WEB UI) are not expiring and quickly stack up....
View ArticleSearch Head Clustering: How to push config bundles from a deployer to SHC...
We have an environment where restart processes are controlled and monitored via a third party tool. How do we push config bundles from a deployer to search head cluster members without a mandatory...
View ArticleClik here to view.
After upgrading a search head cluster to Splunk 6.3, why are all our launcher...
After upgrading to 6.3 (search head clustering) all our launcher app icons have disappeared even for default untouched apps. ie. search & reporting. ![alt text][1] The path to the icon shows an...
View ArticleAfter upgrading a search head cluster to Splunk 6.3. why do all menus on the...
All the menus in the top right corner no longer function after upgrading to 6.3 (search head clustering). The logged in user also doesn't show. ![alt text][1] We upgraded our members and deployer in...
View ArticleIs there a REST API call to apply shcluster-bundle with the deployer?
We need a fast and easy way to push changes to our three search head clusters and need a way to deploy updated configuration bundles with a curl cmd. I.E. curl -k -u admin:changeme...
View ArticleSplunk Add-on for Unix and LInux: Is it required to install the supporting...
Dear SPLUNK Community, According to the documentation: http://docs.splunk.com/Documentation/UnixAddOn/5.2.0/User/DeploytheSplunkAdd-onforUnixandLinuxinadistributedSplunkenvironment we need to install...
View ArticleAnyone else having problem with a 6.3.0 search head cluster talking to a...
The moment I upgraded I started getting: The searchhead is unable to update the peer information. Error = 'failed method=POST path=/services/cluster/master/generation/..../?output_mode=json...
View ArticleHow migrate dashboards of the Search App on a standalone dev Search Head to a...
Dear SPLUNK Community, I have one development Search Head and a Search Head Cluster in my cluster. I am using the default search app to create dashboards on a dev SH. I create dashboards with the admin...
View ArticleHow to remove an app from a search head cluster and cluster peers?
I wish to uninstall an app from my Search Head cluster and cluster peers. Is this the following the way to go about it? On each Search Head and peer cluster member: 1.Run the following command in CLI...
View ArticleIn Search Head Clustering, what splunkd.log entries will show when an...
I know I can run the following to get the current SHC captain, splunk show shcluster-status -auth : but for debugging, what text can I search for to see the sequence of the dynamic captain change over...
View ArticleBest practice for restoring a dashboard on a Search Head Cluster
I recently had to pull a dashboard raw XML file off of an archive. What is the process for actually putting it back in? I copied the file to the original directory ......
View ArticleAre there recommendations for upgrading a search head and indexer clustering...
Trying to work through building our first cluster. I really do not have any data that is that "important", but due to labor time to build it to this stage, am a bit hesitant to fire off a mass upgrade...
View ArticleHow can I design my search head and indexer clustering architecture?
Hi to everyone I have a design, with four Splunk instances (two search head, and two indexers). I want an "indexer cluster" (for replication and fault tolerance), and a "search head cluster" (for...
View ArticleIs KVStore supported in search head clustering?
I am trying to build a dashboard based on certain time series data for monthly and yearly trends. We have been using CSV inputlookup for that, but came to know they are not for storage. So was...
View ArticleWhy are new report accelerations showing "Summarization not started Updated:...
We're running a large Splunk cluster with search head clustering. We currently have 30 reports with acceleration turned on. I recently added a new report and turned on acceleration for the past 7 days....
View ArticleSearch Head Clustering: How to push config bundles from a deployer to SHC...
We have an environment where restart processes are controlled and monitored via a third party tool. How do we push config bundles from a deployer to search head cluster members without a mandatory...
View ArticleClik here to view.
After upgrading a search head cluster to Splunk 6.3, why are all our launcher...
After upgrading to 6.3 (search head clustering) all our launcher app icons have disappeared even for default untouched apps. ie. search & reporting. ![alt text][1] The path to the icon shows an...
View ArticleIs there a REST API call to apply shcluster-bundle with the deployer?
We need a fast and easy way to push changes to our three search head clusters and need a way to deploy updated configuration bundles with a curl cmd. I.E. curl -k -u admin:changeme...
View ArticleSplunk Add-on for Unix and LInux: Is it required to install the supporting...
Dear SPLUNK Community, According to the documentation: http://docs.splunk.com/Documentation/UnixAddOn/5.2.0/User/DeploytheSplunkAdd-onforUnixandLinuxinadistributedSplunkenvironment we need to install...
View ArticleAnyone else having problem with a 6.3.0 search head cluster talking to a...
The moment I upgraded I started getting: The searchhead is unable to update the peer information. Error = 'failed method=POST path=/services/cluster/master/generation/..../?output_mode=json...
View Article