I had setup multisite cluster 6.2.1. Details of my Splunk environment are mentioned below
We have two sites
MasterNode : 1
Search Head : 2 search head in site 1 and 1 search head in site 2 .
Peers : 3 Peers at site 1 and 1 peers at site 2.
I am looking to setup search head clustering. Can i setup 1 search head cluster and include all search heads ( 2 from site 1 and 1 from site 2) or i had to setup two diffrent search head clusters ?
Please let me know the configurations to perfom the search head clustering based on above details.
Yes, You can set up a single SHC with nodes from 2 different sites. But keep in mind that if Site 1 is lost, then Site 2 won't be able to run any of your scheduled searches (you can still run your adhoc searches). This is due to majority node requirement in SHC.
I am able to run the initialize command but while creating a captian by running bootstarp command
splunk bootstrap shcluster-captain -servers_list ":,:,..."
I am getting error as splunk does not recognize bootstarp. Please check command or take help.