Splunk Failover Capabilities - DNS

adnankhan5133
Communicator

We have a multi-site (Production - Site 1, DR - Site 2) Enterprise Security deployment with clustered indexing. Search clustering is not enabled since we have 1 ES SH + 1 Ad-Hoc SH, each in Prod and DR. We'll pursue clustering at a later point in time once more users begin adopting Splunk and requirements grow more stringent.

We're trying to come up with a solution to make the transition from Prod --> DR simpler in the event of a disaster. If traffic needs to get routed to the Cluster Master, Deployment Server, License Master, and Monitoring Console located on the DR site in the event that they are unavailable, where should I configure the CNAME and map that to the DR hostnames for these Splunk components?

Creating the CNAME DNS records for the CM, DS, LM, MC is the easy part but we're just unsure if the CNAMEs need to be identified in a conf file or elsewhere...

esix_splunk
Splunk Employee

On the Splunk side, you just need to configure everything with your DNS names, and use name resolution. For the DNS side, you can update your CNAMEs in DR. CNAMEs just point to A records.

This is very common.

E.g.,

Primary hosts:

DNS A record: splunk-cm-live 10.1.1.1, with CNAME splunk-cm

DNS A record: splunk-sh-live 10.1.1.2, with CNAME splunk-sh

For the DR sites:

DNS A record: splunk-cm-dr 10.2.1.1

DNS A record: splunk-sh-dr 10.2.1.2

Once a failover occurs, you update the CNAMEs to reflect the DR A records. This can be automated, and usually is. SSL certs would be a sticky point here if they are hostname-based.

Splunk config files point to the CNAMEs.
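The certificate caveat in the reply above, as an added example that is not part of the original post: a TLS client that verifies hostnames checks the name it was configured with (the CNAME alias), not the A-record name the alias resolves to. The zone and certificate data are constructed from the thread's sample names, and the function names are hypothetical.

```python
# Constructed sample zone, using the host names and addresses from the reply.
ZONE_PROD = {
    "splunk-cm": ("CNAME", "splunk-cm-live"),
    "splunk-cm-live": ("A", "10.1.1.1"),
    "splunk-cm-dr": ("A", "10.2.1.1"),
}
# The same zone after failover: only the CNAME target changes.
ZONE_DR = {**ZONE_PROD, "splunk-cm": ("CNAME", "splunk-cm-dr")}

# Constructed certificates, shaped like ssl.SSLSocket.getpeercert() output.
CERT_HOST_ONLY = {"subjectAltName": (("DNS", "splunk-cm-live"),)}
CERT_WITH_ALIAS = {"subjectAltName": (("DNS", "splunk-cm-dr"), ("DNS", "splunk-cm"))}


def resolve(zone, name, max_hops=8):
    """Follow CNAMEs in a zone dict; return (canonical_name, ip)."""
    for _ in range(max_hops):
        rtype, value = zone[name.lower()]
        if rtype == "A":
            return name.lower(), value
        name = value
    raise ValueError("CNAME chain too long or looping")


def cert_covers(cert, name):
    """True if a DNS SAN matches name (exact, or single-label wildcard)."""
    name = name.lower()
    for kind, san in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        san = san.lower()
        if san == name:
            return True
        if san.startswith("*.") and "." in name and name.split(".", 1)[1] == san[2:]:
            return True
    return False


def failover_check(zone, alias, expected_ip, cert):
    """Check that the alias lands on the expected site and that the cert on
    that host is valid for the name clients connect to (the alias)."""
    canonical, ip = resolve(zone, alias)
    return {
        "canonical": canonical,
        "resolves_to_expected": ip == expected_ip,
        "cert_valid_for_alias": cert_covers(cert, alias),
    }
```

A certificate issued only for splunk-cm-live resolves correctly but fails the alias check, so both the production and DR certificates need the alias in their SAN list for the CNAME swap to be transparent to verifying clients.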

adnankhan5133
Communicator

Thanks so much for your reply - this is very helpful. Specifically, which Splunk conf. files would need to point to the CNAMEs?
