We have a multisite Indexer Cluster in our datacenter and some remote locations with local standalone Splunk installations. Now we want to connect our search heads of the datacenters to those remote Splunk installations. It's important for us to use Splunk Search Group of search peers because we just want to search those remote Splunk installations when needed to save bandwidth. I saw on distsearch documentation that we cannot use cluster and search group functions at the same time. Does anyone know how can I integrate those two Splunk installations?
You can search across both clustered and non-clustered search peers
Thanks for your answer but this don't let me use the search group: http://docs.splunk.com/Documentation/Splunk/6.3.3/DistSearch/Distributedsearchgroups. I need to create a search group because I don't want to search those standalone splunk by default just when I explicitly want.
We do have mixed configuration but never tried search group.
One possibility is that to set up a small standalone instance on your main site(dummy) and add it also as distsearch. Then create two groups with main and remote in each group and make main as default=true.
Other possibility is to add the search head as peer inside the configuration . It's not tested and not sure if it works as we expected