I am thinking about a cluster configuration of Splunk.
Considering indexer redundancy, the cluster configuration needs at least 4 Splunk instances:
master node, two peers, search head (replication factor=2).
We are not always able to get enough environments (one instance on one machine).
So I am thinking of multiple Splunk instances on one machine.
Is it supported?
And are there any supported installation procedures?
(I confirmed that Splunk can be installed on *nix more than once with a force option in RPM.
And according to the URL below, maybe we can do that on a Windows system.
Community:Run multiple Splunks on one machine - Splunk Wiki http://wiki.splunk.com/Community:Run_multiple_Splunks_on_one_machine )
Thank you.
As a first remark, having 2 indexers with replication on the same hardware defeats the purpose of the replication.
So you should at least have one machine per indexer.
Second remark: The master cannot do double duty as a peer node or a search head, and it cannot reside on the same machine as a peer node or search head. See http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Basicclusterarchitecture#Master_node
However, you can run a search head on the same machine as an indexer, or even turn the indexer into a search head. But this will impact your indexing and search performance.
To run several instances on the same Linux box, install in 2 different locations and edit the web.conf to specify different management ports and different web ports. As for running several instances on Windows, I still have doubts about this (and in general Splunk indexer performance is slightly better on Linux anyway).
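An added example, not part of the thread and not Splunk tooling: a check that reads each instance's web.conf and reports any web or management port claimed by more than one instance on the host, falling back to Splunk's default ports when a setting is omitted. The /opt/splunk_a and /opt/splunk_b paths and the file contents are constructed sample data.

```python
import configparser
from collections import defaultdict

# Splunk's shipped defaults, used when an instance's web.conf omits a setting.
DEFAULTS = {"httpport": "8000", "mgmtHostPort": "127.0.0.1:8089"}

# Constructed sample data: web.conf text for two instances on one host.
# The /opt/splunk_a and /opt/splunk_b prefixes are hypothetical.
SAMPLE_CONFS = {
    "/opt/splunk_a/etc/system/local/web.conf":
        "[settings]\nhttpport = 8000\nmgmtHostPort = 127.0.0.1:8089\n",
    "/opt/splunk_b/etc/system/local/web.conf":
        "[settings]\nhttpport = 8001\n",  # management port left at default
}


def ports_in(conf_text):
    """Return {setting: port} for the web and management listeners."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # Splunk setting names are case-sensitive
    cp.read_string(conf_text)
    settings = dict(DEFAULTS)
    if cp.has_section("settings"):
        for key in DEFAULTS:
            if cp.has_option("settings", key):
                settings[key] = cp.get("settings", key)
    # mgmtHostPort is host:port, httpport is a bare port; keep the port only.
    return {k: int(v.rsplit(":", 1)[-1]) for k, v in settings.items()}


def find_collisions(confs):
    """Map each port claimed more than once to its (path, setting) claimants."""
    claims = defaultdict(list)
    for path, text in confs.items():
        for setting, port in ports_in(text).items():
            claims[port].append((path, setting))
    return {port: who for port, who in claims.items() if len(who) > 1}


if __name__ == "__main__":
    for port, who in sorted(find_collisions(SAMPLE_CONFS).items()):
        print(f"port {port} is claimed by more than one instance:")
        for path, setting in who:
            print(f"  {path} [{setting}]")
```

In the sample, the second instance changes only its web port, so both instances still claim management port 8089 and the check reports it.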
Actually, we can have multiple instances reside on the same machine by changing the install directory (e.g. rpm --force -ihv --prefix=/opt/(splunk instance) (splunk media).rpm).
But it may not be recommended to have peers coexist, because of performance, or the master node, which is not supported for double duty.
Cannot reside on the same machine? Not even as a separate instance? How would it know anyway?