Process for adding addtional Indexers + dedicated ...

chrome · ‎07-23-2012

I'm looking for current documentation/process for adding additional indexers and moving to dedicated search head.

Our current setup is a search head + indexer and 2 dedicated indexers.

We would like to add 2 new servers. 1 would be used as a dedicated search head and the other will be a dedicated indexer. So, net result would be 1 dedicated search head and 3 indexers. Also, not sure if I should remove search head from existing server or leave for summary indexes.

These are the documents I've reviewed:
Install dedicated search head
http://docs.splunk.com/Documentation/Splunk/4.3.3/Deploy/Installadedicatedsearchhead

Options for migrating search head data..
http://splunk-base.splunk.com/answers/37826/move-a-vm-search-head-to-a-new-physical-server

Migrating index data…
http://splunk-base.splunk.com/answers/6521/expanding-splunk-installation-from-a-single-indexer-to-a-...

gkanapathy · ‎07-23-2012

It might be useful to understand http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings%3F if you are moving from a system with indexing and search on a single node to one where the operations (and the corresponding configuration) is on different nodes.

Process for adding addtional Indexers + dedicated search head

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...