Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Search Head Pooling Replicate Bundle

ephemeric
Contributor
‎10-06-2011 09:08 AM

Greetz,

Must one use mounted bundles with search head pooling?

I would like to enable search head pooling with minimal effort to start testing in a production environment.

So, can we use 4.2.3 with asynchronous bundle replication with search head pooling and "upgrade" to mounted bundles at a later stage?

Thanks.

Reply
1 Solution
Solved! Jump to solution
Solution

ewoo
Splunk Employee
Splunk Employee
‎10-28-2011 09:38 AM

You do not need to use mounted bundles with search head pooling. You can rely on bundle replication to copy configurations from your search heads to your indexers.

You can upgrade to mounted bundles at a later stage.

View solution in original post

Reply
Solved! Jump to solution
Solution

ewoo
Splunk Employee
Splunk Employee
‎10-28-2011 09:38 AM

You do not need to use mounted bundles with search head pooling. You can rely on bundle replication to copy configurations from your search heads to your indexers.

You can upgrade to mounted bundles at a later stage.

Reply
Solved! Jump to solution

ewoo
Splunk Employee
Splunk Employee
‎04-21-2014 12:17 AM

Whether or not your see bundles per-search-head or per-pool depends on the version of Splunk on your search heads. In 4.3.x and earlier, each search head replicates its own bundles by default. In 5.0 and higher, search heads send bundles on a per-pool basis -- see the "useSHPBundleReplication" setting in distsearch.conf.

In other words, the default behavior before 5.0 is to replicate bundles by serverName. In 5.0 and later, the default behavior is to replicate by search head pool GUID.

0 Karma
Reply
Solved! Jump to solution

rtadams89
Contributor
‎04-20-2014 08:13 PM

I don't think this is correct. The pool should only send one bundle. If you look on your indexer, you'll see the bundles identified by the search pool GUID instead of the server names of the individual search heads in the pool.

0 Karma
Reply
Solved! Jump to solution

ewoo
Splunk Employee
Splunk Employee
‎01-24-2012 09:06 PM

Correct -- with 2 heads in a pool and no mounted bundles, each search head sends a copy of the bundles.

Reply
Solved! Jump to solution

dhaffner
Path Finder
‎12-16-2011 02:07 PM

Does this mean that, for example, with 2 search heads in a pool, and no mounted bundles, each search head will send it's own bundle? Or will there be only one bundle that gets sent out to the peers?

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...