I have set up a multisite cluster on 6.2.1. Details of my Splunk environment are mentioned below.
We have two sites
MasterNode : 1
Search Head : 2 search heads in site 1 and 1 search head in site 2.
Peers : 3 peers at site 1 and 1 peer at site 2.
I am looking to set up search head clustering. Can I set up 1 search head cluster and include all search heads (2 from site 1 and 1 from site 2), or do I have to set up two different search head clusters?
Please let me know the configurations to perform the search head clustering based on the above details.
The docs say:
Running a cluster across multiple sites is not currently supported. Search head clusters have been tested only with all members running on a single site.
That restriction was removed with release 6.3. For current guidelines, see http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/SHCsystemrequirements#Search_head_clust...
Hmm, not supported/tested is one thing, but I'm curious whether it would work. I'll open a support case to get some more info. Thanks for the clarification.
I have configured Search Head Clustering on Windows Servers and it is working fine with some limitations.
What limitations did you have, please?
Yes, you can set up a single SHC with nodes from 2 different sites. But keep in mind that if Site 1 is lost, then Site 2 won't be able to run any of your scheduled searches (you can still run your ad hoc searches). This is due to the majority node requirement in SHC.
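The majority requirement from the answer above, worked through as an added example (not part of the original thread and not Splunk's own code). It assumes captain election needs a strict majority of all configured members; the site names and the layouts beyond the 2 + 1 case in the question are constructed to show how an even split and a third site behave.

```python
# Added illustration: which single-site outages leave a search head cluster
# with enough members to elect a captain.
# Assumption: election needs a strict majority of ALL configured members,
# not only of the members that are still reachable.

def majority(total_members):
    """Smallest member count that is a strict majority of the cluster."""
    return total_members // 2 + 1


def survives_site_loss(members_per_site):
    """Map each site name to True if a majority remains after losing that site."""
    total = sum(members_per_site.values())
    if total == 0:
        raise ValueError("cluster has no members")
    needed = majority(total)
    return {
        lost_site: (total - count) >= needed
        for lost_site, count in members_per_site.items()
    }


# Constructed layouts; only the first one matches the thread.
LAYOUTS = {
    "thread layout (2 + 1)": {"site1": 2, "site2": 1},
    "even split (2 + 2)": {"site1": 2, "site2": 2},
    "three sites (2 + 2 + 1)": {"site1": 2, "site2": 2, "site3": 1},
}

if __name__ == "__main__":
    for name, layout in LAYOUTS.items():
        total = sum(layout.values())
        print(f"{name}: {total} members, majority = {majority(total)}")
        for site, ok in survives_site_loss(layout).items():
            state = "captain can be elected" if ok else "no majority"
            print(f"  lose {site}: {state}")
```

An even split never survives the loss of either site, which is why a third site (or an odd member count weighted toward the site expected to stay up) changes the outcome.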
I am able to run the initialize command, but while creating a captain by running the bootstrap command
splunk bootstrap shcluster-captain -servers_list ":,:,..."
I am getting an error that Splunk does not recognize bootstrap. Please check command or take help.