High Availablity Implementation-Cluster

vijreddy30 · ‎12-25-2023

Hi Team,

In my project need to be implement High Availability servers in below Servers are using.

Z1-->L4 -->SearchHead+Indexer single instanceonly(Dev)

SearchHead+Indexer single instanceonly(QA)

DeploymentServer(QA)

HearvyForwarder(Prod)

DeploymentServe(Prod)

--------------------------------------------------

App related below server:

Z2 --> HearvyForwarder(Prod,Dev,QA) individual Servers

Z3--> HearvyForwarder(Prod,Dev,QA) individual Servers

The above App related servers are connected Deployment server and SearchHead+Indexer

Note : my project there is no Cluster master

Please help how do we implement the High Availability implementation, please help the guide the above servers.

gcusello · ‎12-25-2023

Hi @vijreddy30,

let me understand, quich kind of HA do you want to impement?

if HA on data, you need an Indexer Cluster: you need at least two Indexer and a Cluster master, you can find more information at https://docs.splunk.com/Documentation/Splunk/9.1.2/Indexer/Basicclusterarchitecture

If Ha in the presentation Layer, you neet a Search Head Cluster:, at least three Search Heads and a Deployer, as described at https://docs.splunk.com/Documentation/Splunk/9.1.2/DistSearch/SHCarchitecture

If at ingestion level, you need at least two Heavy Forwarders and a Load Balancer.

Ciao.

Giuseppe

isoutamo · ‎12-27-2023

Hi

it's just as @gcusello said. You cannot create HA environment without indexer cluster. That needs minimum three nodes: manager node and minimum two peer.

Here is https://www.splunk.com/en_us/pdfs/tech-brief/splunk-validated-architectures.pdf document which you should read and use as a base instructions how different splunk installations are working and for what purpose those are targeted.

r. Ismo

vijreddy30 · ‎01-02-2024

Thanks for your help.

In my project there is no Cluster master, Deployment Server have, can i user deployment server as Cluster master?

SearchHead and Indexer are single instance.

Regards,

Vij

gcusello · ‎01-03-2024

Hi @vijreddy30 ,

you need a Cluster Manager only if you have an Indexer Cluster, so at least two Indexers.

Anyway, you cannot use a Deployment Server as Cluster Manager and you cannot use the same server for these roles:

Cluster Manager must have a dedicated server,
Deployment Server can be in a shared server (not Search Head Or Indexer or Cluster Manager) only if it has to manage less than 50 clients, otherwise a dedicated server is required.

Ciao.

Giuseppe

vijreddy30 · ‎01-03-2024

Thanks for your guidelines.

gcusello · ‎01-03-2024

Hi @vijreddy30 ,

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

isoutamo · ‎01-03-2024

Hi

based on this document https://docs.splunk.com/Documentation/Splunk/9.1.2/Deploy/Manageyourdeployment you cannot combine DS and CM on same server instance.

r. Ismo

High Availablity Implementation-Cluster

deployment server

indexer clustering

search head clustering

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...