Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Clarification on Clustering & Index Replication

rturk
Builder
‎11-18-2013 08:45 PM

Hi All,

In reading a recently posted (16 Oct 2013) Splunk blog post "Clustering Optimizations in Splunk 6", the following was mentioned:

In the previous Splunk 5 version, users will not be able to search and
use the cluster until the cluster master ensures that all of the
replication policies are met. In some cases, this might take long time and
users are unnecessarily blocked until then.

Should I take this to mean that in v5, functional Index replication & searchability is only possible when you have n+1 indexers (where n is the index replication factor)? For example, if I have two indexers, and have set an index replication & searchability factor of two, this won't actually work as expected (i.e. full data availability in the event of a single indexer failure).

Any input is appreciated 🙂

Reply

mahamed_splunk
Splunk Employee
Splunk Employee
‎11-21-2013 11:08 AM

For example, if I have two indexers, and have set an index replication & searchability factor of two, this won't actually work as expected

No, If your replication policy is set to 2 and you have 2 indexers available, then your policy is already met, so users will be able to access and search the data.

Reply

rashid47010
Communicator
‎04-14-2018 11:41 AM

Hi
I have two index instances and one seach head
Now i want to configure replication and failover between these teo indexers.
How can i achieve this ?

0 Karma
Reply

mahamed_splunk
Splunk Employee
Splunk Employee
‎11-21-2013 02:27 PM

Got it. Even if only one indexer is available, the data will continue to be available and searchable. The optimization the blog post talks about is the order in which we fix indexes and commit generations.

Reply

rturk
Builder
‎11-21-2013 02:20 PM

Hi Mahamed - I understand that if both of my indexers are available it will work, my question concerns the platform behaviour if one indexer has failed (e.g. "work as expected (i.e. full data availability in the event of a single indexer failure)."

0 Karma
Reply

rturk
Builder
‎11-19-2013 04:50 PM

FYI I have logged a support case for this and will report back with any findings.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...