Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Clustering queries

SplunkFu
Path Finder
‎04-03-2013 09:08 AM

Hi there,

We are currently looking at the using clustering to introduce redundancy/HA into the deployment. I have a few questions which I may have missed in the documentation...

  1. Is there a minimum number of peer nodes that can be used in a cluster? - we are looking at 2 nodes, are there any major restrictions to this setup?
  2. In the documentation it states that a reference server should suffice for the master node, however as it is not performing any indexing/searching does it require that much in specification?
  3. Any issues with using clustering with the ES App?
  4. Are there any issues in having a search head searching between clustered and non-clustered indexers/nodes?
  5. Finally, I didn't see any notes on how to calculate storage requirements for clustering. Any thoughts?

Thanks in advance, and I look forward to your help 🙂

Best regards...

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-03-2013 01:35 PM
  1. No, two indexer nodes is fine.
  2. You can and probably should use a much smaller server for the master node. It doesn't need anything near the storage or CPU of any indexer. Probably a dual-core machine with 2 or 4 GB of memory and no big storage is fine.
  3. There should not be, except that summaries/tsidxstats will not be stored on the cluster
  4. You can not do this. A search head can search many non-clustered nodes, or it can search many clusters, but it can't do both. It's probably worth making an Enhancement Request for this if you want it
  5. http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Storage_considerations

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-03-2013 01:35 PM
  1. No, two indexer nodes is fine.
  2. You can and probably should use a much smaller server for the master node. It doesn't need anything near the storage or CPU of any indexer. Probably a dual-core machine with 2 or 4 GB of memory and no big storage is fine.
  3. There should not be, except that summaries/tsidxstats will not be stored on the cluster
  4. You can not do this. A search head can search many non-clustered nodes, or it can search many clusters, but it can't do both. It's probably worth making an Enhancement Request for this if you want it
  5. http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Storage_considerations
Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-04-2013 12:43 AM

also... how do I submit an enhancement request... not done one before.

0 Karma
Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-04-2013 12:42 AM

Thanks for the response, very helpful... can't believe I missed that webpage.

0 Karma
Reply
Solved! Jump to solution

Steve_G_
Splunk Employee
Splunk Employee
‎04-03-2013 11:34 AM

I can help with a few of these:

Minimum number of peer nodes: Depends of course on your availability needs, but you can certainly set up a cluster with just two peer nodes.

Storage requirements: Many factors enter into it, but there's some pretty extensive documentation here: http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Systemrequirements#Storage_considerations

Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-05-2013 05:51 AM

Ahh right, okay that's great thanks. Will do, thanks

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-04-2013 08:00 AM

You can submit a enhancement request by submitting a case here https://www.splunk.com/page/submit_issue and setting it to priority level P4.

0 Karma
Reply
Solved! Jump to solution

SplunkFu
Path Finder
‎04-04-2013 12:41 AM

Thanks for the response... completely missed that documentation page... thought I clicked through them all. +1

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top