- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Component wise priority to deploy search head clus...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We are planning to deploy search head cluster, indexer cluster, with master node, deployment server for PoC use.
Could anyone have the document from where i can find which component should deploy/configure first?
Configure and start, indexer server first or master node fist or search head first.
Thanks
Rajeev
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to understand the general architecture and flow of traffic, you can read the architecting Splunk docs at : http://docs.splunk.com/Documentation/Splunk/6.4.2/Deploy/Distributedoverview.
Short Answer, based on deployment experience, here is the order you would build this, with a short explanation:
1) Master Node (Cluster Master) - This needs to be configured before the indexing tier can connect and join a cluster or before SH can search the Indexer Cluster
2) Indexing Tier (Indexers) - These connect to the Master node and once Search Factor and Replication Factor are met, start indexing
3) Deployment Server / Deployer - If you are using a Search Head Cluster, you will need a deployer configured. Otherwise, you should use a Deployment Server for managing your SH / UF
4) Search Heads - Configure your search head and join it to the Master Node. (It can search your indexer cluster now..)
5) HF / UF's - Get data into your cluster!
When deploying in the field, this is the general order for building out and deploying. This is generally the easiest process in my opinion. It allows a clear and easy method for testing connectivity and data flow into your Aggregation and Indexing Tiers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to understand the general architecture and flow of traffic, you can read the architecting Splunk docs at : http://docs.splunk.com/Documentation/Splunk/6.4.2/Deploy/Distributedoverview.
Short Answer, based on deployment experience, here is the order you would build this, with a short explanation:
1) Master Node (Cluster Master) - This needs to be configured before the indexing tier can connect and join a cluster or before SH can search the Indexer Cluster
2) Indexing Tier (Indexers) - These connect to the Master node and once Search Factor and Replication Factor are met, start indexing
3) Deployment Server / Deployer - If you are using a Search Head Cluster, you will need a deployer configured. Otherwise, you should use a Deployment Server for managing your SH / UF
4) Search Heads - Configure your search head and join it to the Master Node. (It can search your indexer cluster now..)
5) HF / UF's - Get data into your cluster!
When deploying in the field, this is the general order for building out and deploying. This is generally the easiest process in my opinion. It allows a clear and easy method for testing connectivity and data flow into your Aggregation and Indexing Tiers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much for such a descriptive and prompt response.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
i dont know if there is a document which gives you the information of deploying a complete infrastructure like this.
The way you should do is.
- Clustermaster/Deploymentserver
- Indexer
- Searchhead/SH-Cluster
To deploy and configure the single points of your infrastructure just search on docs.splunk.com instructions. Its well documented.
Greets
New Case Study Shows the Value of Partnering with Splunk Academic Alliance
How to Monitor Google Kubernetes Engine (GKE)
Index This | How can you make 45 using only 4?
