- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How to integrate a multisite indexer cluster with ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to integrate a multisite indexer cluster with remote standalone Splunk installations?
Dear Splunkers,
We have a multisite Indexer Cluster in our datacenter and some remote locations with local standalone Splunk installations. Now we want to connect our search heads of the datacenters to those remote Splunk installations. It's important for us to use Splunk Search Group of search peers because we just want to search those remote Splunk installations when needed to save bandwidth. I saw on distsearch documentation that we cannot use cluster and search group functions at the same time. Does anyone know how can I integrate those two Splunk installations?
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can search across both clustered and non-clustered search peers
- Configure an indexer cluster search head in the standard fashion
- Use Splunk Web or the CLI to add one or more non-clustered search peers
Details are here : http://docs.splunk.com/Documentation/Splunk/6.1/Indexer/Configureclusteredandnonclusteredsearch
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi renjith.nair,
Thanks for your answer but this don't let me use the search group: http://docs.splunk.com/Documentation/Splunk/6.3.3/DistSearch/Distributedsearchgroups. I need to create a search group because I don't want to search those standalone splunk by default just when I explicitly want.
thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We do have mixed configuration but never tried search group.
One possibility is that to set up a small standalone instance on your main site(dummy) and add it also as distsearch. Then create two groups with main and remote in each group and make main as default=true.
Other possibility is to add the search head as peer inside the configuration . It's not tested and not sure if it works as we expected
What goes around comes around. If it helps, hit it with Karma 🙂
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
