Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Best practices to create a search head cluster

llacoste
Path Finder
‎12-18-2020 02:11 AM

Hi all,

 

So I was wondering as I was writing some docs today and playing around creating some clusters... I was always taught and always read that you should not use the Deployment Server to create a Search Head Cluster as the /etc/apps gets wiped by the Deployer whenever the Search Heads turn into a cluster. That much I understand.

That's why we always use CLI to initialise the SHs and then bootstrap the captain and attach to the Cluster Master.

But, I was wondering as I was going through my Splunk Core Consultant notes, in one of the PPT slides I remember I saw a comment stating something like: /etc/apps would be wiped and you would have to deploy those configurations again in the /etc/shcluster/apps in the deployer.

 

So, what is the 'official' best practice on a "Professional Services Consultant level" around that Search Head clustering? I am using all the official splunk base apps already to install my clusters but when it comes to the SH Cluster I always go CLI..

 

Thank you for your time and answer 🙂

Labels (1)
Labels
0 Karma
Reply

llacoste
Path Finder
‎12-19-2020 10:24 AM

I see it's as clear for you it is for me 😄

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...