How should I configure outputs.conf on the forward...

sim_tcr · ‎03-05-2015

Hello,

We have 4 indexers setup as a cluster with 2 of each indexers behind 2 Local Traffic Managers (LTM). These 2 LTMs are behind a Global Traffic Manager (GTM).

What should we specify in our forwarder outputs.conf so that even if one or more indexers is down, data should be going to other available indexers?

Should we specify the GTM?

Thanks,
SImon Mandy

muebel · ‎03-06-2015

If you configure the outputs.conf to use the GTM as the server, this should accomplish what you want.

All all the indexers in the same datacenter? My sense from your setup is that you have a pair of indexers in two datacenters, in which case you will want the forwarders to only forward to the appropriate LTM.

sim_tcr · ‎03-09-2015

I had tried configuring the gtm in outputs.conf and forwarder started sending data to one of the indexers.
And then I brought down that very specific indexer to check if forwarder will start sending data to one of other available indexer.
It did not. splunkd.log was telling cannot connect to the indexer (which i brought down)

What are the other option i have?

How should I configure outputs.conf on the forwarder in my indexer cluster environment with Local and Global Traffic Managers?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life