All-In-One configuration and clustering

gladieu1 · ‎05-15-2019

Dear Community,

We have the following question :

In the 'all-in-one' configuration (1 server holding : Forwarder+Indexer+SH), may we implement clustering, in order to insure redundancy and have two 'all-in-on' servers into two different location but in redundancy so data are secured if one site comes down ?

Thanks in advance,

Regards

somesoni2 · ‎05-21-2019

No. The clustering requires certain minimum number of nodes and requires those nodes perform specific roles only. So, having just two nodes may not be possible. Have a look at the Splunk documentation for clustering. It'll give you specifics about how many servers (and of what type/role) you need. You could create a cluster with bare minimum number of nodes.

https://docs.splunk.com/Documentation/Splunk/7.2.6/Indexer/Basicclusterarchitecture#Cluster_nodes

gladieu1 · ‎05-21-2019

Thanks very much for your answer and documentation, very much appreciated 🙂
It is very important to us to be about having 2 Indexers/peer nodes only. You mention it may not possible to have only two, and the documentation shows with 3 peers, you're right, but for me it is for the example purpose only ? Or it really must be greater or equal to 3 peers at least and so 2 peers cannot be implemented ??

thanks again,
Kind regards

gladieu1 · ‎05-21-2019

Nobody please ?

All-In-One configuration and clustering

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!