Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Implement Splunk high availability servers

vijreddy30
Loves-to-Learn Everything
‎10-21-2023 09:34 AM

Hi All,

 

Currently Development zone-1 HF and( SearchHead+Indexer ) single instance

QA -HF,Deploymentserver and Deployment server

Zone2 also same servers, but we dont't have Cluster master and all are implemented Windows System.

 

As per requirement need to be implement High availability servers Zone1 and Zone2.

 

please send me implemented steps for high availability servers.

 

Regards,

Vijay

Labels (2)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-21-2023 10:17 AM

Hi @vijreddy30 ... 

From your question, what I understood is that... 

In Zone 1, you have an indexer and search head in a single windows system.

Zone 2 also the same.

 

>>> As per requirement need to be implement High availability servers Zone1 and Zone2.

as per my understanding, by "high availability", you mean, the UF agents should be able to send logs to either both or any one indexer...so you will not miss any logs at all. (This is not high availability, this is actually load balancing). Pls suggest me if this understanding was wrong.

If you could provide us some more details about the requirements, we could help you better. Thanks. 

 

0 Karma
Reply

vijreddy30
Loves-to-Learn Everything
‎10-23-2023 03:24 AM

In zone-  HF instance and (SH+Indexer) one instance same Zone -2 also.

Here my project there is no Deployer, indexer cluster and SH cluster and there is no Cluster master also.

 

How do i implement High Availability server?

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-23-2023 05:07 AM

Hi @vijreddy30 ... pls check your Profile's inbox.. i have sent a msg to you. 


this looks like a POC / test / dev environment setup. 

most probably you may not need "high availability" at all. 

we may need more details about what you meant by "high availability"..  thanks. 

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-21-2023 09:56 AM

I suppose it depends on what you mean by "high availability".  In my book, Splunk doesn't do HA, but I come from a fault-tolerant computing background.

The closest you'll get requires search head and indexer clusters, which is a bit more of an investment (both in servers and in management) than single instance Splunk servers.  Note that Splunk does not support HA for forwarders, Deployment Servers, or SHC Deployers.  See https://docs.splunk.com/Documentation/Splunk/9.1.1/Deploy/Useclusters and https://docs.splunk.com/Documentation/Splunk/9.1.1/Deploy/Indexercluster for more information.

 

---
If this reply helps you, Karma would be appreciated.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...