Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Deployment server and cluster master on same machine from Splunk 7 to Splunk 8

splunkreal
Influencer
‎01-12-2021 04:24 AM

Hello,

our architecture in production was created years ago, we have Deployment Server and Cluster Master on same machine (linux vm) running Splunk Enterprise 7.3.4 fine.

Is there any specific risk keeping this architecture if we migrate to Splunk 8?

Thanks for your help.

 

* If this helps, please upvote or accept solution if it solved *
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-12-2021 05:15 AM

Hi @splunkreal,

you surely know that it isn't a best practice to have Deployment Server and Master Node on the same server.

Deployment Server must be on a dedicated server when it has to manage more than 50 clients and Master Node has to be on a dedicated server always!

Probably you haven't many users, data and searches otherwise you should have low performances in searches and indexing.

Anyway, about your question, you have only to follow the indications to upgrade an Indexers' Cluster that you can find at https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/Upgradeacluster

In few words: before Master Node, then Search Heads and then Search Peers, eventually with a rolling  restart.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

gl_splunkuser
Path Finder
‎01-13-2021 10:33 AM

Hello, 

As I understand the upgrade process has the following order:

1. Verify the compatibility of your apps with the new version.

2. Upgrade de master node.

3. Upgrade the SH cluster and the Deployer.

https://docs.splunk.com/Documentation/Splunk/8.0.7/DistSearch/UpgradeaSHC

4. Upgrade the peers of the indexer.

https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Upgradeacluster

 

Regards

0 Karma
Reply
Solved! Jump to solution

splunkreal
Influencer
‎01-12-2021 07:02 AM

About 250 gb daily ingestion, 20 users daily, 3 indexers and 3 search heads (only 2 for users) the VM has 8 cpu/8 gb RAM however sometimes we have latencies with huge queries.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎01-12-2021 07:11 AM

Hi @splunkreal,

the numbers you said confirm that you should review your architecture!

Also the hardware reference is not adequate to the Splunk indications (at least 12 CPUs and 12 GB RAM): if you run the health check of Monitor Console, you surely have a warning for this.

You should try to analyze your loads using the Monitor Console and see how your infrastrure works.

In addition, if you have a problem, this is the first answer from Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-12-2021 05:15 AM

Hi @splunkreal,

you surely know that it isn't a best practice to have Deployment Server and Master Node on the same server.

Deployment Server must be on a dedicated server when it has to manage more than 50 clients and Master Node has to be on a dedicated server always!

Probably you haven't many users, data and searches otherwise you should have low performances in searches and indexing.

Anyway, about your question, you have only to follow the indications to upgrade an Indexers' Cluster that you can find at https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/Upgradeacluster

In few words: before Master Node, then Search Heads and then Search Peers, eventually with a rolling  restart.

Ciao.

Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...