Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Search Head Pooling Replicate Bundle

ephemeric
Contributor
‎10-06-2011 09:08 AM

Greetz,

Must one use mounted bundles with search head pooling?

I would like to enable search head pooling with minimal effort to start testing in a production environment.

So, can we use 4.2.3 with asynchronous bundle replication with search head pooling and "upgrade" to mounted bundles at a later stage?

Thanks.

Reply
1 Solution
Solved! Jump to solution
Solution

ewoo
Splunk Employee
Splunk Employee
‎10-28-2011 09:38 AM

You do not need to use mounted bundles with search head pooling. You can rely on bundle replication to copy configurations from your search heads to your indexers.

You can upgrade to mounted bundles at a later stage.

View solution in original post

Reply
Solved! Jump to solution
Solution

ewoo
Splunk Employee
Splunk Employee
‎10-28-2011 09:38 AM

You do not need to use mounted bundles with search head pooling. You can rely on bundle replication to copy configurations from your search heads to your indexers.

You can upgrade to mounted bundles at a later stage.

Reply
Solved! Jump to solution

ewoo
Splunk Employee
Splunk Employee
‎04-21-2014 12:17 AM

Whether or not your see bundles per-search-head or per-pool depends on the version of Splunk on your search heads. In 4.3.x and earlier, each search head replicates its own bundles by default. In 5.0 and higher, search heads send bundles on a per-pool basis -- see the "useSHPBundleReplication" setting in distsearch.conf.

In other words, the default behavior before 5.0 is to replicate bundles by serverName. In 5.0 and later, the default behavior is to replicate by search head pool GUID.

0 Karma
Reply
Solved! Jump to solution

rtadams89
Contributor
‎04-20-2014 08:13 PM

I don't think this is correct. The pool should only send one bundle. If you look on your indexer, you'll see the bundles identified by the search pool GUID instead of the server names of the individual search heads in the pool.

0 Karma
Reply
Solved! Jump to solution

ewoo
Splunk Employee
Splunk Employee
‎01-24-2012 09:06 PM

Correct -- with 2 heads in a pool and no mounted bundles, each search head sends a copy of the bundles.

Reply
Solved! Jump to solution

dhaffner
Path Finder
‎12-16-2011 02:07 PM

Does this mean that, for example, with 2 search heads in a pool, and no mounted bundles, each search head will send it's own bundle? Or will there be only one bundle that gets sent out to the peers?

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...