Solved: Search Head Pooling on Multiple Clusters

nivedita_viswan · ‎11-10-2014

I have 2 clusters located at different sites. Each cluster has a search head, a master and 2 peer nodes. I have added the masters of both the clusters to both the search heads. As a result, I can access data from all 4 peer nodes from each search head.
I would like to enable search head pooling such that the 2 search heads are replicas of each other. I'll also be introducing a load balancer to distribute the load across the two search heads. However, if a user creates a report when he is connected to 1 of the search heads, where would the report be stores? Also, the next time the user logs in, the load balancer might direct him to the other search head? Would the report be accessible from this search head? Would copying all apps and user data to a shared location overcome this issue?

Raghav2384 · ‎11-10-2014

In short, Search Head pooling does make stuff available. Please see http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuresearchheadpooling.
Splunk recommends NFS for knowledge bundles.

With v6.2, there's a whole new game http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/AboutSHC. Hope this helps

View solution in original post

Raghav2384 · ‎11-10-2014

In short, Search Head pooling does make stuff available. Please see http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/Configuresearchheadpooling.
Splunk recommends NFS for knowledge bundles.

With v6.2, there's a whole new game http://docs.splunk.com/Documentation/Splunk/6.2.0/DistSearch/AboutSHC. Hope this helps

Search Head Pooling on Multiple Clusters

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM