Solved: Multisite deployment with indexers and search head...

laithmurad · ‎05-25-2014

Initially we were going to go with a standalone single Splunk server, but we have a requirement for a DR strategy, and the multisite cluster seems like the best way to go.

We're going to be provisioning 3 windows servers to achieve this, which would be functioning like this:

1 server for cluster master in site A.

1 server acting like an indexer peer and a search head in site A.

1 server acting like an indexer peer and a search head in site B.

I'm combining the search head and the indexer functionality within the same server because we don't have huge amount of data to index, and we will not be performing searches constantly.

Do we need to install 2 instances of Splunk in each server? One instance as a search head and another one as an indexer? Or can I achieve this with a single Splunk instance(installation) in each server?

Thanks.

mahamed_splunk · ‎05-27-2014

You would require 2 instances (one for indexer, and one for search head).

View solution in original post

mahamed_splunk · ‎05-27-2014

You would require 2 instances (one for indexer, and one for search head).

Multisite deployment with indexers and search heads on the same machine

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life