Deployment Architecture

Single-server Splunk (S1) on windows server 2012 2-node failover cluster - good idea?


We need a High Availability (HA) Splunk Environment. The ideal architecture would be Distributed Clustered Deployment + SHC - Single Site (C3 / C13), which includes a 2-node Indexer Cluster, 3-node Search Head Cluster, 1 Deployment Server, etc.

But, we only have 2 available servers-virtual machine with Win 2012. So, I'm thinking to build a 2-node Windows Server Failover Cluster, then install a Single Splunk Server (S1) (one instance includes Search Head and Indexer) on this cluster. Is this possible?

I don't have much experience on Splunk architecture. I did research online, seems no one mentioned this solution. Is this a good idea? any Pros and Cons? Any suggestions are welcome. Thank you!

0 Karma
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...