Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Could I install a search head and an indexer on different operating systems?

Afef
Communicator
‎12-09-2015 12:31 AM

Hello,

I have one Splunk instance (Windows) and I would like to add a Linux search head for the indexer. Could I do this? Will this cause problems?

Thanks

Reply

woodcock
Esteemed Legend
‎12-09-2015 12:54 AM

You can mix-and match HW and OS anywhere and it should work fine. The only exception is that if you use a Windows Deployment Server for Linux Forwarders, you are likely to have problems with permissions.

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎12-09-2015 11:36 AM

There is one other notable exception: If you are using indexer clustering, all indexers must be at the same OS flavor and version AND Splunk needs to be at the exact same version on all peer nodes as well.
So you can't have five Windows boxes and two Linux servers be part of a cluster. But no sane person would consider doing that anyway....
I would generally try to stick with a homogeneous search, indexing & management environment as much as possible (preferably Linux) for all kinds of reasons.

0 Karma
Reply

Afef
Communicator
‎12-14-2015 12:18 AM

No, i have one indexer (windows) and i would add a linux search head, is this possible ?

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎12-14-2015 12:57 AM

Yes, it is possible.

0 Karma
Reply

Afef
Communicator
‎12-09-2015 01:07 AM

No, i have a windows indexer which contains also the deployment server and i would like to add a linux search head for the entreprise security app

0 Karma
Reply

javiergn
SplunkTrust
SplunkTrust
‎12-09-2015 03:24 AM

Isn't the Windows Deployment Server for Linux Forwarders even worse? That's what we had in my last place and it was breaking the permission model every single time a deployment was made, so we ended up scripting a fix for it.

I thought this wasn't the case on a Linux Deployment Server for Windows Forwarders?

What is the alternative then? Have two deployment servers one for Windows and one for Linux?

Thanks,
Javier

Reply

woodcock
Esteemed Legend
‎12-09-2015 09:14 AM

You are correct, I said it backwards. I went back and fixed my answer.

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎12-09-2015 12:41 AM

This is fully supported. Refer to the documentation on configuring distributed search in order for your SH to use the indexer.

Reply

Afef
Communicator
‎12-09-2015 12:51 AM

thank you for your answer, i did not found the information in splunk docs.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...