A：I have a stand-alone Splunk Enterprise,This includes search, indexing。
B：Now,I built a Splunk cluster，The Splunk cluster includes (three search servers, three index servers, one deployment server, multiple universal forwarders).
How to migrate stand-alone version of the Splunk index and the field to the cluster (search servers)
Also: Is there a talk about Splunk's technical group? May i join?
How many concurrent searches do you have? I would suggest making an index cluster first then move to a search head cluster when you have more users searching.
First step would be to create the master node instance, then create your indexers, then search heads. You should join each instance to the license pool and setup your DS and forwarders.
I think you will need to manually add the data to your clustered indexers since old data will not populate onto the new nodes
Here's a link discussing rebalancing data along the nodes
You should also look into joining the Splunk Slack channel
First you'll want a firm understanding of index time versus search time field extractions and transformations by reading over the props.conf and transforms.conf documentation.
Then you can pretty much just follow these articles:
You'll note they say contact splunk PS for migrating the data. It can be easier to just leave the old standalone indexer up and running and use it as a search peer on the new SHC. Migrating the data requires a bit of scripting to attach the cluster guid to the bucket file names, and also needs to take into consideration the possibility of bucket collisions and other posibillities... Which is why they recommend contacting PS if it's absolutely necessary.