
search heads to search head cluster

Path Finder

Hi

In my company we have 8 search heads.

We want to change it into a search head cluster.

What configuration do I need to change? Please help me with this.


Re: search heads to search head cluster

Super Champion

This is a bit of an elaborate process and would require a Splunk admin who is well versed in SH clustering (or a request for Professional Services).

  1. You need to have a deployer (separate Splunk instance)
  2. You need to have an odd number of SH members (so out of 8, discard 1 and make it 7)
  3. If you have sites, ensure one site has 4 and the other has 3
  4. Config requirements like SH factor, security key
  5. You need to meet pre-reqs, e.g. "indexer" versions should be the same as or lower than the SH members, etc. https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Splunk_Enterprise_ver...
  6. There is quite a bit to understand from this link: https://docs.splunk.com/Documentation/Splunk/7.2.6/DistSearch/SHCdeploymentoverview
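
The requirements listed in the answer above (separate deployer, odd member count, replication factor, shared security key), as an added example that is not part of the original posts or of Splunk's own tooling: a dry-run shell planner that checks a member list and prints the `splunk init shcluster-config` and `splunk bootstrap shcluster-captain` commands without running them. The hostnames, ports, label, replication factor and the `SPLUNK_AUTH` / `SHC_SECRET` variable names are assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner for moving standalone search heads into an SHC.
# All hostnames, ports, the label and the replication factor are constructed.
DEPLOYER="https://deployer.example.com:8089"  # separate instance, never a member
MEMBERS="sh1.example.com sh2.example.com sh3.example.com sh4.example.com sh5.example.com sh6.example.com sh7.example.com"
REPL_PORT=9200
REPL_FACTOR=3
LABEL="shc1"

# check_plan RF MEMBER...: returns 0 if the plan passes, 1 with a reason on stderr.
check_plan() {
    rf=$1; shift
    if [ $(( $# % 2 )) -eq 0 ]; then
        echo "member count $# is even; the answer above asks for an odd count" >&2
        return 1
    fi
    if [ "$rf" -gt "$#" ]; then
        echo "replication factor $rf exceeds member count $#" >&2
        return 1
    fi
}

# emit_init MEMBER: print the per-member init command. The security key and
# admin credentials are emitted as unexpanded variable references, so the
# generated plan never contains the secret itself.
emit_init() {
    printf 'splunk init shcluster-config -auth "$SPLUNK_AUTH" -mgmt_uri https://%s:8089 -replication_port %s -replication_factor %s -conf_deploy_fetch_url %s -secret "$SHC_SECRET" -shcluster_label %s\n' \
        "$1" "$REPL_PORT" "$REPL_FACTOR" "$DEPLOYER" "$LABEL"
}

# emit_bootstrap MEMBER...: print the one-time captain bootstrap command, run
# on a single member after every member has been initialised and restarted.
emit_bootstrap() {
    list=""
    for m in "$@"; do list="${list:+$list,}https://$m:8089"; done
    printf 'splunk bootstrap shcluster-captain -servers_list "%s" -auth "$SPLUNK_AUTH"\n' "$list"
}

# Print the plan only if it passes the checks; nothing here touches Splunk.
if check_plan "$REPL_FACTOR" $MEMBERS; then
    for m in $MEMBERS; do emit_init "$m"; done
    emit_bootstrap $MEMBERS
fi
```

The deployer needs the same security key (as `pass4SymmKey`) and the same label in the `[shclustering]` stanza of its `server.conf`.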


Re: search heads to search head cluster

Esteemed Legend

Unless you have way too many search heads, I would add one to make it an odd 9 (instead of reducing by 1), because being part of a Search Head Cluster adds overhead that will make the capacity of each one a little bit less.
