Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Should the master node be a license slave?

dpham36
New Member
‎01-03-2018 02:43 PM

I have 1 master node, 2 peer nodes (indexers), and a separate search head. I've set up the search head as the license master (not the master node, as recommended in the documentation), and currently the 2 peer nodes (indexers) are license slaves that point to the new license master. Should I also configure the master node as a license slave?

Tags (1)
0 Karma
Reply

lguinn2
Legend
‎01-03-2018 03:18 PM

The master node must be a license slave. It must also be in the same pool as the indexers in the cluster.

0 Karma
Reply

dpham36
New Member
‎01-04-2018 05:51 AM

Ok great, that's what I thought (that it must be a license slave). As for the same pool - what if the indexers are in different pools? In my set up, they are all in the default 'auto_generated_pool_enterprise' (since I have the Enterprise license, and since I haven't created any custom pools), but I understand that you can set up different pools for different indexers to manage how much license volume each one is allowed to use per day...

0 Karma
Reply

dpham36
New Member
‎01-03-2018 02:47 PM

NOTE - From the documentation, I understand also that 'Any host in your Splunk Enterprise infrastructure that performs indexing must be licensed to do so. You can either run a standalone indexer with a license installed locally, or you can configure one of your Splunk Enterprise instances as a license master and set up a license pool from which other indexers, configured as license slaves, can draw. ' Will the master node be doing any indexing (meaning it will have to be turned into a license slave)?

0 Karma
Reply

somesoni2
Revered Legend
‎01-03-2018 02:51 PM

Are you forwarding logs, including _internal logs from Master node to your Indexers? If yes than no local indexing will be happening, so you set the master node with Forwarder license. Though, setting it as license slave would not hurt.

0 Karma
Reply

dpham36
New Member
‎01-03-2018 03:05 PM

I only planned on forwarding logs to the indexers (index cluster) from separate servers that have the Splunk Universal Forwarder installed. Unless the master node automatically forwards internal logs to it's peer nodes (the indexers), then no, I am not currently forwarding _internal logs to the indexers from the master node.

0 Karma
Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...
li.common.scroll-to.top