Solved: Re: Multisite deployment with indexers and search ...

laithmurad · ‎05-25-2014

Initially we were going to go with a standalone single Splunk server, but we have a requirement for a DR strategy, and the multisite cluster seems like the best way to go.

We're going to be provisioning 3 windows servers to achieve this, which would be functioning like this:

1 server for cluster master in site A.

1 server acting like an indexer peer and a search head in site A.

1 server acting like an indexer peer and a search head in site B.

I'm combining the search head and the indexer functionality within the same server because we don't have huge amount of data to index, and we will not be performing searches constantly.

Do we need to install 2 instances of Splunk in each server? One instance as a search head and another one as an indexer? Or can I achieve this with a single Splunk instance(installation) in each server?

Thanks.

mahamed_splunk · ‎05-27-2014

You would require 2 instances (one for indexer, and one for search head).

View solution in original post

mahamed_splunk · ‎05-27-2014

You would require 2 instances (one for indexer, and one for search head).

Multisite deployment with indexers and search heads on the same machine

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...