Deployment Architecture

How can I find out which apps and add-ons support Search Head Clustering?

rahul_jasrotia
Path Finder

Hi Splunkers,

I have to implement Search Head Clustering (SHC) on my 4 search heads. I have a lot of apps and add-ons installed on one of the search heads which are heavily used and I'm not sure which add-ons out of these support SHC. I have few doubts below:-
1. How to identify if a certain app/add-on supports SHC?
2. What happens to the kvstores once i implement SHC?
3. What is the difference between a deployer and a deployment server?

Some of the apps I have are :-
Splunk Add-on Builder
Splunk App for CEF (Because of this app's support not there in SHC, we had to rollback the clustering changes last time)
Splunk App for ServiceNow
Splunk Add-on for Cisco ASA
Splunk Add-on for Cisco ISE
Splunk Add-on for CyberArk
Splunk Add-on for NetFlow (Splunk_TA_flowfix)
Splunk Add-on for Microsoft SQL Server
Splunk Add-on for Unix and Linux
Splunk Add-on for Oracle Database
Splunk Add-on for ServiceNow
Splunk Add-on for Symantec Endpoint Protection
Splunk Add-on for Microsoft Windows
Splunk for Palo Alto Networks

Can someone please help or share his/her experience on this?

Thanks in advance guys.

0 Karma
1 Solution

adonio
Ultra Champion

Hi rahul_jasrotia
1. on each app / add-on you can check details or on splunkbase or on README file and see whether they support SHC. for example the Splunk Add-on for Cisco ASA docs: http://docs.splunk.com/Documentation/AddOns/released/CiscoASA/Distributeddeployment
will recommend also to check where do you need to install the app / add-on
2. regarding KV Store, this link will help http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Search_head_clustering_...
3. Deployment Server is a Splunk instance that sends configurations to forwarders (and or other splunk instances) Deployer controls the Search Head Cluster apps distribution - sends apps to members of the cluster. more about the deployer here: http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Parts_of_a_search_head_...
hope it helps

View solution in original post

adonio
Ultra Champion

Hi rahul_jasrotia
1. on each app / add-on you can check details or on splunkbase or on README file and see whether they support SHC. for example the Splunk Add-on for Cisco ASA docs: http://docs.splunk.com/Documentation/AddOns/released/CiscoASA/Distributeddeployment
will recommend also to check where do you need to install the app / add-on
2. regarding KV Store, this link will help http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Search_head_clustering_...
3. Deployment Server is a Splunk instance that sends configurations to forwarders (and or other splunk instances) Deployer controls the Search Head Cluster apps distribution - sends apps to members of the cluster. more about the deployer here: http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCarchitecture#Parts_of_a_search_head_...
hope it helps

Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...