Deployment Architecture

Search Head Clustering Question

Explorer

Hi,
I currently have a standalone Search Head and I will soon be deploying a search Head Cluster using 3 different machines. Before deploying the Cluster, Do I need to first remove the Standalone Search Head? I am planning to use the Standalone Search Head as the Deployer to push the configs to Cluster Members. Also, can I move the user accounts from Current search Head into to the cluster?

Thanks,
Joseph

0 Karma
1 Solution

Motivator

Hi,

Here's the process for setting up a SHC.

First: Pick a deployer and this should be the first box to setup
Second: Initialize SHC member by telling them who the boss is (Deployer)
Third: Elect a captain

you can export all the views,searches etc from different app contexts from your existing search to be on safe side.

http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/PropagateSHCconfigurationchanges

Hope this helps!
Thanks,
Raghav

View solution in original post

New Member

I have a certain doubt.

"you can export all the views,searches etc from different app contexts from your existing search to be on safe side"

If I setup search head clustering later on. How do the dashboards, artifacts etc. Propagate from one site to the other? Should I back them up first ? Is this what you mean by exporting them to be safe?

0 Karma

Motivator

Hi,

Here's the process for setting up a SHC.

First: Pick a deployer and this should be the first box to setup
Second: Initialize SHC member by telling them who the boss is (Deployer)
Third: Elect a captain

you can export all the views,searches etc from different app contexts from your existing search to be on safe side.

http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/PropagateSHCconfigurationchanges

Hope this helps!
Thanks,
Raghav

View solution in original post

New Member

sorry I posted this twice somehow it didn't update

0 Karma

New Member

I have a certain doubt.

"you can export all the views,searches etc from different app contexts from your existing search to be on safe side"

If I setup search head clustering later on. How do the dashboards, artifacts etc. Propagate from one site to the other? Should I back them up first ? Is this what you mean by exporting them to be safe?

0 Karma

Path Finder

I have a question here. If all the search heads are same, do we still need to setup deployer before initializing SHC member?

0 Karma

Splunk Employee
Splunk Employee

Yes. Deployer has to be defined in the configurations.

0 Karma

Path Finder

Thanks for your reply.

However, I check the document: http://docs.splunk.com/Documentation/Splunk/6.5.0/DistSearch/SHCdeploymentoverview

It says:
"It is recommended that you select the deployer now, as part of cluster set-up, because you need a deployer in place before you can distribute apps and updated configurations to the cluster members."
Does it mean that if we dont need to distribute apps and update configuration, there is no need to setup the deployer?

Another one:
"The -confdeployfetch_url parameter specifies the URL and management port for the deployer instance. This parameter is optional during initialization, but you do need to set it before you can use the deployer functionality. See "Use the deployer to distribute apps and configuration updates." "

I just setup a SH cluster with 3 nodes and without deployer, but when I run the command "show shcluster-status", the member list just shows the captian, no other member. This is same when running the command on each search head.

[root@deploy-searchhead01 ~]# /opt/splunk/bin/splunk bootstrap shcluster-captain -servers_list "https://deploy-searchhead01.bigdata.emc.local:8089,https://deploy-searchhead02.bigdata.emc.local:808..." -auth admin:changeme
Successfully bootstrapped this node as the captain with the given servers.
[root@deploy-searchhead01 ~]# /opt/splunk/bin/splunk show shcluster-status -auth admin:changeme

Captain:
dynamiccaptain : 1
elected
captain : Fri Oct 21 12:20:43 2016
id : 6F21DCB3-0E06-4AA0-8E1C-7FE2D2712588
initializedflag : 0
label : deploy-searchhead01.bigdata.emc.local
mgmt
uri : https://deploy-searchhead01.bigdata.emc.local:8089
minpeersjoinedflag : 0
rolling
restartflag : 0
service
ready_flag : 0

Members:
deploy-searchhead01.bigdata.emc.local
label : deploy-searchhead01.bigdata.emc.local
mgmturi : https://deploy-searchhead01.bigdata.emc.local:8089
mgmt
uri_alias : https://172.16.1.72:8089

status : Up

Thank you very much if you can help on it.

0 Karma

Path Finder

issue fixed. Check the log for reason: splunk/var/log/splunk/splunkd.log

0 Karma

Explorer

Thanks for your response.SO, Can both a Standalone Search Head and a Search Head Cluster co-exist in the same environment?

Thanks

0 Karma

Motivator

Didn't understand your question. Are you talking about having two separate instances?If yes, you can have 100s of instances as long as the SHC member is not part of another distributed search (Which is not possible by the way)

0 Karma

Explorer

I was thinking about having a standalone search head and a cluster at the same time. I am planning to migrate to Search Head Cluster and I want to maintain a Backup Search Head (standalone) until I verify that the cluster is working fine.

0 Karma

Motivator

Absolutely! That is quite possible

0 Karma

Explorer

Thankyou..

0 Karma

Contributor

Yes standalone and SH cluster can co exist. But the knowledge objects,users and roles will be limited to SHC or standalone depending where they exist. You cannot use the knowledge objects created on Standalone in SHC and vice versa.

0 Karma

Explorer

Thanks.....

0 Karma