Requirement:
I have two Splunk servers: serverA and serverB
splunk.example.com points to serverA and serverB
When serverA fails, it redirects to serverB. How can I configure the following
1. Data to be in sync on both the servers
2. Alerts should be in sync. It should not alert twice.
Splunk HA in Active-Passive Mode
This sounds like you are asking about a Search Head Cluster
:
http://docs.splunk.com/Documentation/Splunk/6.4.0/DistSearch/SHCarchitecture
Hi,
You need to make a cluster with a search head it will be send the alerts querying the to indexers. You will need an other sever with master role and other with search head role.
Hope i help you