How can convert the replication factor raw log to ...

msplunk33 · ‎10-10-2020

How can convert the replication factor raw log to searchable data incase the searchable data is not available in a indexer. Is this a automated process by indexer or manual process.

isoutamo · ‎10-11-2020

Hi

this is automated process, which starts after CM has realized that one node is missing from cluster. Unfortunately I couldn’t found any good presentation of this. There are at least in some training materials where this was clearly presented.

r. Ismo

msplunk33 · ‎10-11-2020

@isoutamo Do you mean one node completely fail or just unresponsive. when CM start this process What is the process of restoring a comply failed node after a failure. How about the previous log this node was storing will it be automatically restored if we rejoin this node as a new fresh node with same disc structure. Do we need to manually copy the old log.

isoutamo · ‎10-11-2020

Hi

Here is described what and how bucket fixing has done when peers go offline.

https://docs.splunk.com/Documentation/Splunk/8.0.6/Indexer/Whathappenswhenaslavenodegoesdown

r. Ismo

How can convert the replication factor raw log to searchable data in index cluster

indexer

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!