Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a high availability capability for the indexer discovery feature?

ddrillic
Ultra Champion
‎02-13-2018 04:48 PM

Based on Use indexer discovery to connect forwarders to peer nodes

and the original question at - How can the forwarder detect available indexers?

We wonder about the high availability aspect of this solution. After all the master node can be down while with the conventional method, high availability is built in as we connect to a set of indexers.

Tags (1)
0 Karma
Reply

deepashri_123
Motivator
‎02-15-2018 01:29 AM

Hi ddrillic,

Even if the master goes down the forwarder will continue to send data to the indexer that it was sending earlier. There would be no data loss unless the indexer to which the forwarder was sending data goes down. After the master is restored again it will continue sending data to all indexers.
You can refer this doc:
https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Whathappenswhenamasternodegoesdown

0 Karma
Reply

FrankVl
Ultra Champion
‎02-14-2018 07:55 AM

If you're worried about that mechanism failing, you could also look at using DNS round robin by setting up a DNS record that points to all your indexers and then put that DNS name in your outputs.conf on your forwarders. Then you just need to make sure whenever you change the indexer cluster (e.g. add a node), to also update the DNS record.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...