Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search heads HA

rajkumarv
Engager
‎12-11-2018 01:38 AM

Hi,

As per our design, we are planing to deploy 3 indexers in cluster and 2 search heads in HA. Can any one provide the detaiiled procedure on how to setup search heads in High Availability. Also please suggest is there any script available for deploying search head HA.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-11-2018 04:26 AM

The closest you'll get to HA search heads is a Search Head Cluster (SHC). SHCs require at least 3 SHs. Note, this is not true HA.

For more about SHCs, see http://docs.splunk.com/Documentation/Splunk/7.2.1/DistSearch/SHCdeploymentoverview.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

rajkumarv
Engager
‎12-13-2018 01:42 AM

Hi, Thanks. We have only two search heads and will be configured in active and standby using load balancer. Do we have any custom script available to take incremental backups of the configuration and KV store from the primary node and replicated to standby?. Please advice.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-13-2018 04:28 AM

Any publicly-available scripts would not be custom. You'll probably have to create your own. The ConfigurationSync app (https://splunkbase.splunk.com/app/574/) is very outdated, but may give you some hints.

To back up the KV Store, try the Gemini KV Store Tools app at https://splunkbase.splunk.com/app/3536/.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

rajkumarv
Engager
‎12-12-2018 10:37 PM

Thanks Richgalloway. As per the design we have only two search heads and want to be in active and passive. Can we use load balancer to meet the requirement of active and passive?. Also these Splunk instances will be deployed in Windows platform. So can I use Windows based load balancer?.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-13-2018 05:42 AM

I believe load balancers expect both sides to be available, but perhaps yours can be configured otherwise.

I'm not familiar with Windows-based LBs.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...