Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Clustering queries

SplunkFu
Path Finder
‎04-03-2013 09:08 AM

Hi there,

We are currently looking at the using clustering to introduce redundancy/HA into the deployment. I have a few questions which I may have missed in the documentation...

  1. Is there a minimum number of peer nodes that can be used in a cluster? - we are looking at 2 nodes, are there any major restrictions to this setup?
  2. In the documentation it states that a reference server should suffice for the master node, however as it is not performing any indexing/searching does it require that much in specification?
  3. Any issues with using clustering with the ES App?
  4. Are there any issues in having a search head searching between clustered and non-clustered indexers/nodes?
  5. Finally, I didn't see any notes on how to calculate storage requirements for clustering. Any thoughts?

Thanks in advance, and I look forward to your help 🙂

Best regards...

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-03-2013 01:35 PM
  1. No, two indexer nodes is fine.
  2. You can and probably should use a much smaller server for the master node. It doesn't need anything near the storage or CPU of any indexer. Probably a dual-core machine with 2 or 4 GB of memory and no big storage is fine.
  3. There should not be, except that summaries/tsidxstats will not be stored on the cluster
  4. You can not do this. A search head can search many non-clustered nodes, or it can search many clusters, but it can't do both. It's probably worth making an Enhancement Request for this if you want it
  5. http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Storage_considerations

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-03-2013 01:35 PM
  1. No, two indexer nodes is fine.
  2. You can and probably should use a much smaller server for the master node. It doesn't need anything near the storage or CPU of any indexer. Probably a dual-core machine with 2 or 4 GB of memory and no big storage is fine.
  3. There should not be, except that summaries/tsidxstats will not be stored on the cluster
  4. You can not do this. A search head can search many non-clustered nodes, or it can search many clusters, but it can't do both. It's probably worth making an Enhancement Request for this if you want it
  5. http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Storage_considerations
Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-04-2013 12:43 AM

also... how do I submit an enhancement request... not done one before.

0 Karma
Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-04-2013 12:42 AM

Thanks for the response, very helpful... can't believe I missed that webpage.

0 Karma
Reply
Solved! Jump to solution

Steve_G_
Splunk Employee
Splunk Employee
‎04-03-2013 11:34 AM

I can help with a few of these:

Minimum number of peer nodes: Depends of course on your availability needs, but you can certainly set up a cluster with just two peer nodes.

Storage requirements: Many factors enter into it, but there's some pretty extensive documentation here: http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Storage_considerations

Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-05-2013 05:51 AM

Ahh right, okay that's great thanks. Will do, thanks

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-04-2013 08:00 AM

You can submit a enhancement request by submitting a case here https://www.splunk.com/page/submit_issue and setting it to priority level P4.

0 Karma
Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-04-2013 12:41 AM

Thanks for the response... completely missed that documentation page... thought I clicked through them all. +1

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top