Deployment Architecture

Implement Splunk high availability servers

vijreddy30
Loves-to-Learn Everything

Hi All,

 

Currently Development zone-1 HF and( SearchHead+Indexer ) single instance

QA -HF,Deploymentserver and Deployment server

Zone2 also same servers, but we dont't have Cluster master and all are implemented Windows System.

 

As per requirement need to be implement High availability servers Zone1 and Zone2.

 

please send me implemented steps for high availability servers.

 

Regards,

Vijay

Labels (2)
0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @vijreddy30 ... 

From your question, what I understood is that... 

In Zone 1, you have an indexer and search head in a single windows system.

Zone 2 also the same.

 

>>> As per requirement need to be implement High availability servers Zone1 and Zone2.

as per my understanding, by "high availability", you mean, the UF agents should be able to send logs to either both or any one indexer...so you will not miss any logs at all. (This is not high availability, this is actually load balancing). Pls suggest me if this understanding was wrong.

If you could provide us some more details about the requirements, we could help you better. Thanks. 

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

vijreddy30
Loves-to-Learn Everything

In zone-  HF instance and (SH+Indexer) one instance same Zone -2 also.

Here my project there is no Deployer, indexer cluster and SH cluster and there is no Cluster master also.

 

How do i implement High Availability server?

0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @vijreddy30 ... pls check your Profile's inbox.. i have sent a msg to you. 


this looks like a POC / test / dev environment setup. 

most probably you may not need "high availability" at all. 

we may need more details about what you meant by "high availability"..  thanks. 

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I suppose it depends on what you mean by "high availability".  In my book, Splunk doesn't do HA, but I come from a fault-tolerant computing background.

The closest you'll get requires search head and indexer clusters, which is a bit more of an investment (both in servers and in management) than single instance Splunk servers.  Note that Splunk does not support HA for forwarders, Deployment Servers, or SHC Deployers.  See https://docs.splunk.com/Documentation/Splunk/9.1.1/Deploy/Useclusters and https://docs.splunk.com/Documentation/Splunk/9.1.1/Deploy/Indexercluster for more information.

 

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...