Deployment Architecture

Search head and Search Head Cluster to indexer server.

dustymehul
Explorer

We have a single Search Head Node which works over a Indexer Cluster.
All Configurations like users, roles, Dashboards etc are present on this Node.

We are now looking to create a Search Head cluster over the Indexer Cluster.
Mean while we set up the Search Head cluster, i want to keep the first node up and running as it is under use.

Question 1 - Is it possible to have an "individual node" and a "Search Head Cluster" running over an Indexer Cluster together?

Once Search Head Cluster is completely up, we plan to add the first remaining node as well in the cluster.

Question 2 - How to replicate all the existing configurations from this Node to Search Head Cluster. My understanding is that when we add a SH Node to SH Cluster, all the existing Configurations will be lost from the SH Node. And SH captain will push the cluster configuration to the newly added node. How to retain/replicate them to all servers of SH Cluster before adding the node?

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Answer 1 - Yes.

Answer 2 - If the individual node is not part of the SHC then the deployer will not touch it (it won't even know the node exists). Otherwise, you should copy the SH Node configs to the cluster before adding the node.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Answer 1 - Yes.

Answer 2 - If the individual node is not part of the SHC then the deployer will not touch it (it won't even know the node exists). Otherwise, you should copy the SH Node configs to the cluster before adding the node.

---
If this reply helps you, Karma would be appreciated.

dustymehul
Explorer

Thanks a Lot @richgalloway . Can you please share some reference links/pages where i can read about copying the SH Node configs to the cluster.

0 Karma

richgalloway
SplunkTrust
SplunkTrust
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...