Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

One search head to search across two separate indexer clusters?

varunmalhotra1
Explorer
‎06-08-2018 01:02 AM

I am running two setups of Splunk, one is in Datacenter and another is in AWS.

DC : 2 Node search heads, 3 nodes : indexers, 1 deployment server & license manager
AWS : 2 Node search heads, 3 nodes : indexers, 1 deployment server & license manager

I am trying to add AWS indexer cluster to DC search head. If this is possible we will stop the AWS hosted SHs because we want to keep only one SH cluster which should be able to search across two distinct indexer clusters.
Please note that there is no replication or any connection between the AWS hosted and DC hosted indexer cluster. We don't want to setup multisite indexer clustering.

Can this be done ?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-08-2018 01:26 AM

You can add any number of search peers to a search head (non-clustered indexers), or add search heads to any number of cluster masters (clustered indexers).
Then a search will run over all indexers, giving you unified results.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...