How should I configure outputs.conf on the forwarder in my indexer cluster environment with Local and Global Traffic Managers?

sim_tcr
Communicator

Hello,

We have 4 indexers set up as a cluster with 2 of each indexers behind 2 Local Traffic Managers (LTM). These 2 LTMs are behind a Global Traffic Manager (GTM).

What should we specify in our forwarder outputs.conf so that even if one or more indexers is down, data should be going to other available indexers?

Should we specify the GTM?

Thanks,
Simon Mandy

0 Karma

muebel
SplunkTrust

If you configure the outputs.conf to use the GTM as the server, this should accomplish what you want.

Are all the indexers in the same datacenter? My sense from your setup is that you have a pair of indexers in two datacenters, in which case you will want the forwarders to only forward to the appropriate LTM.

0 Karma

sim_tcr
Communicator

I had tried configuring the GTM in outputs.conf and the forwarder started sending data to one of the indexers.
And then I brought down that very specific indexer to check if the forwarder would start sending data to one of the other available indexers.
It did not. splunkd.log was saying it cannot connect to the indexer (which I brought down).

What other options do I have?

0 Karma