https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750655#M242392 <P>I want to configure Federated Search so that Deployment A can search Deployment B, and Deployment B can also search Deployment A. I understand that Federated Search is typically unidirectional (local search head → remote provider). Is it possible to configure it for true bidirectional searches in a single architecture (create two separate unidirectional configurations (A→B and B→A))?</P><P>Has anyone implemented this setup successfully? Any best practices or caveats would be appreciated.</P><P>Also, have anyone implemented this along with ITSI - what are the takeaways and do &amp; don'ts?</P> Tue, 29 Jul 2025 16:26:44 GMT meetmshah 2025-07-29T16:26:44Z https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750655#M242392 <P>I want to configure Federated Search so that Deployment A can search Deployment B, and Deployment B can also search Deployment A. I understand that Federated Search is typically unidirectional (local search head → remote provider). Is it possible to configure it for true bidirectional searches in a single architecture (create two separate unidirectional configurations (A→B and B→A))?</P><P>Has anyone implemented this setup successfully? Any best practices or caveats would be appreciated.</P><P>Also, have anyone implemented this along with ITSI - what are the takeaways and do &amp; don'ts?</P> Tue, 29 Jul 2025 16:26:44 GMT https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750655#M242392 meetmshah 2025-07-29T16:26:44Z https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750693#M242401 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/258346">@meetmshah</a>&nbsp;</P><P>Yes two different deployments can be fed. search clients for eachother - however the connections will not really know of each other.&nbsp;</P><P>I dont know too much about the best practices here, however *F<SPAN>ederated Search for Splunk supports Splunk IT Service Intelligence version 4.16.0 and higher, for transparent mode federated search only* based on the <A href="https://help.splunk.com/en/splunk-enterprise/search/federated-search/10.0/run-federated-searches-across-other-splunk-deployments/about-federated-search-for-splunk" target="_self">docs</A>.</SPAN></P><P><SPAN>Note - the <A href="https://docs.splunk.com/Documentation/SVA/current/Architectures/FederatedSearch" target="_self">federated search docs</A> suggest engaging with your account team and/or support when working with premium apps such as ITSI with federated search.</SPAN></P><P><span class="lia-unicode-emoji" title=":glowing_star:">🌟</span><SPAN>&nbsp;</SPAN><STRONG>Did this answer help you?</STRONG><SPAN>&nbsp;</SPAN>If so, please consider:</P><UL><LI>Adding karma to show it was useful</LI><LI>Marking it as the solution if it resolved your issue</LI><LI>Commenting if you need any clarification</LI></UL><P>Your feedback encourages the volunteers in this community to continue contributing</P> Tue, 29 Jul 2025 21:13:00 GMT https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750693#M242401 livehybrid 2025-07-29T21:13:00Z https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750712#M242404 <P>Thanks for the answer&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/170906">@livehybrid</a>. With respect to - "<SPAN>Yes two different deployments can be fed. search clients for eachother"? -&nbsp;Have you seen an environment with the same? Because I couldn't find any of the Splunk Doc where it's mentioned that the environments can be interconnected.</SPAN></P> Wed, 30 Jul 2025 07:20:40 GMT https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750712#M242404 meetmshah 2025-07-30T07:20:40Z https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750716#M242405 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/258346">@meetmshah</a>&nbsp;</P><P>I haven't tested this personally. But theoratically by creating two separate unidirectional configurations its feasible. Deployment A acts as a Federated Search Head with Deployment B as its Federated Provider and deployment B also acts as a Federated Search Head with Deployment A as its Federated Provider.</P><P>As per document Real-time searches are not supported in Federated Search mode.<BR />#<A href="https://docs.splunk.com/Documentation/ITSI/4.20.1/EA/FedSearch" target="_blank">https://docs.splunk.com/Documentation/ITSI/4.20.1/EA/FedSearch</A></P><P>Regards,<BR />Prewin<BR />Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!</P> Wed, 30 Jul 2025 07:46:41 GMT https://community.splunk.com/t5/Splunk-Search/Can-Splunk-Federated-Search-be-configured-for-bidirectional/m-p/750716#M242405 PrewinThomas 2025-07-30T07:46:41Z