Deployment Architecture

How can I find out which apps and add-ons support Search Head Clustering?

rahul_jasrotia
Path Finder

Hi Splunkers,

I have to implement Search Head Clustering (SHC) on my 4 search heads. I have a lot of apps and add-ons installed on one of the search heads which are heavily used and I'm not sure which add-ons out of these support SHC. I have few doubts below:-
1. How to identify if a certain app/add-on supports SHC?
2. What happens to the kvstores once i implement SHC?
3. What is the difference between a deployer and a deployment server?

Some of the apps I have are :-
Splunk Add-on Builder
Splunk App for CEF (Because of this app's support not there in SHC, we had to rollback the clustering changes last time)
Splunk App for ServiceNow
Splunk Add-on for Cisco ASA
Splunk Add-on for Cisco ISE
Splunk Add-on for CyberArk
Splunk Add-on for NetFlow (Splunk_TA_flowfix)
Splunk Add-on for Microsoft SQL Server
Splunk Add-on for Unix and Linux
Splunk Add-on for Oracle Database
Splunk Add-on for ServiceNow
Splunk Add-on for Symantec Endpoint Protection
Splunk Add-on for Microsoft Windows
Splunk for Palo Alto Networks

Can someone please help or share his/her experience on this?

Thanks in advance guys.

0 Karma
1 Solution

adonio
Ultra Champion

Hi rahul_jasrotia
1. on each app / add-on you can check details or on splunkbase or on README file and see whether they support SHC. for example the Splunk Add-on for Cisco ASA docs: http://docs.splunk.com/Documentation/AddOns/released/CiscoASA/Distributeddeployment
will recommend also to check where do you need to install the app / add-on
2. regarding KV Store, this link will help http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Search_head_clustering_...
3. Deployment Server is a Splunk instance that sends configurations to forwarders (and or other splunk instances) Deployer controls the Search Head Cluster apps distribution - sends apps to members of the cluster. more about the deployer here: http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Parts_of_a_search_head_...
hope it helps

View solution in original post

adonio
Ultra Champion

Hi rahul_jasrotia
1. on each app / add-on you can check details or on splunkbase or on README file and see whether they support SHC. for example the Splunk Add-on for Cisco ASA docs: http://docs.splunk.com/Documentation/AddOns/released/CiscoASA/Distributeddeployment
will recommend also to check where do you need to install the app / add-on
2. regarding KV Store, this link will help http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Search_head_clustering_...
3. Deployment Server is a Splunk instance that sends configurations to forwarders (and or other splunk instances) Deployer controls the Search Head Cluster apps distribution - sends apps to members of the cluster. more about the deployer here: http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Parts_of_a_search_head_...
hope it helps

Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...