We are trying to move from a single instance of Splunk to a clustered environment. We created the cluster as per the documentation, only to find out we also need a search head cluster, which isn't created when you create a cluster of search heads. So now we are wondering what other items we are missing. Is there a complete step-by-step doc on how to do this?
I.e., in the end we want a clustered environment that looks the same as our single instance.
Questions we have so far:
1. How do users, dashboards and alerts get migrated over to the cluster? Do they go on all systems, or just search heads, or just clustered search heads, or a search head cluster?
2. Once we have created a cluster of search heads we need to create a search head cluster. Can we do this through the GUI or is it all CLI?
3. Do we need a deployment server to create user dashboards and add users, or do we only need one once we are ready to deploy apps?
4. Should the search head cluster even be part of the indexer cluster, or is this handled outside of that?
Any help would be appreciated.
Moving from a single instance of Splunk (the spl01 system) to clustered indexers and clustered search heads, i.e. spl01 and spl02 with a master of spl00, and search heads of spl11 and spl12.