Deployment Architecture

How to upgrade a standalone search head to a Search Head Cluster, and connect the SHC to 2 Indexer Clusters?

frankyip
New Member

I have one standalone search head connected to 2 indexer clusters now. I would like to upgrade the standalone search head to a Search Head Cluster (with 3 members and a deployer). Is this possible? How to configure the Search Head Cluster to connect 2 indexer cluster for distribution search?

0 Karma

lguinn2
Legend

This is entirely possible.

  1. Set up the deployer.
  2. Backup all the user and app configurations from the standalone search head to the deployer.
  3. Wipe out the Splunk instance from the standalone search head. Delete all directories, configurations, etc.
  4. Install Splunk on each of the 3 search heads and set the basic settings such as server name etc.
  5. Configure each of the search heads as members of BOTH indexer clusters, just as you did before on the standalone search head.
  6. Create the search head cluster (SHC) by initializing each member and then bootstrapping a captain.
  7. Add the deployer to the SHC and configure the deployer url on each search head.
  8. Use the deployer to send out all the user and app configurations to all the SHC members.

Tips:

  • Be sure to completely re-install Splunk on the stand-alone search head before you add it to the SHC. Otherwise, you will have one search head that is out of sync with the others. This will surely cause problems.
  • Review the apps and user materials that you saved from the stand-alone search head to the deployer. REMOVE the default apps (search, launcher, etc. - the apps that ship with Splunk) as they should NOT be managed by the deployer. If you need to save something from the search app for example, make a new app and copy over the things that need to be saved.
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...