Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can a search head cluster be implemented without integrating with deployer?

jet1276
Path Finder
‎09-13-2017 12:25 AM

I have a standalone search head connected to only one search peer. Now I am introducing another search head to the environment and trying to implement a search head cluster with two search heads.

Now can I achieve that without integrating these search heads with a deployer instance OR deployer is mandatory to implement search head cluster?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎09-13-2017 02:17 AM

The deployer is required for search head clustering and you will need 3 search heads to create a usable cluster.
Refer to Captain election process has deployment implications:

" A cluster should consist of a minimum of three members. A two-member cluster cannot tolerate any node failure. Failure of either member will prevent the cluster from electing a captain and continuing to function. Captain election requires majority (51%) assent of all members, which, in the case of a two-member cluster, means that both nodes must be running. You therefore forfeit the high availability benefits of a search head cluster if you limit it to two members."

Also the deployer is part of the search head cluster architecture

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

View solution in original post

Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎09-13-2017 02:34 PM

@jet1276, if they solved your problem, remember to "√Accept" an answer to award karma points 🙂

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎09-13-2017 07:25 AM

The following says System requirements and other deployment considerations for search head clusters

![alt text][2]

Preview file
56 KB
Preview file
56 KB
Reply
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎09-13-2017 02:17 AM

The deployer is required for search head clustering and you will need 3 search heads to create a usable cluster.
Refer to Captain election process has deployment implications:

" A cluster should consist of a minimum of three members. A two-member cluster cannot tolerate any node failure. Failure of either member will prevent the cluster from electing a captain and continuing to function. Captain election requires majority (51%) assent of all members, which, in the case of a two-member cluster, means that both nodes must be running. You therefore forfeit the high availability benefits of a search head cluster if you limit it to two members."

Also the deployer is part of the search head cluster architecture

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
Reply
Solved! Jump to solution

jet1276
Path Finder
‎09-13-2017 03:56 AM
  1. Even if I use two search heads instead of three, still I should be able to use them as my search head cluster right?? Only thing is I won't able to get node failure benefit.
  2. Even though it being part of the architecture, can it be bypassed or not??
0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎09-13-2017 05:15 AM

(1) Yes I ran 2 nodes in development before I understood the issues, occasionally they did get stuck in the scenario where there was no elected captain (it was development so it was for Splunk testing only), eventually we built a 3rd and that resolved the issue.

(2) No, a deployer is what deploys the apps to the search heads in a cluster, they can also contact it on startup to ensure they have the current bundle of apps...so you will need a deployer, your deployer server might also be a cluster master but you will need a server to place the shcluster directory on and to apply the shcluster bundle...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...