Hi Splunkers,
Currently we have a single-instance deployment, i.e. we have a Splunk Enterprise console which has both indexer and search head on the same instance. We are planning to set up high availability; can you please guide me to the correct documentation which we can look into?
Hi @SS1,
first you have to define the HA requirements:
In the first case you have to use both an Indexer Cluster and a Search Head Cluster.
In the second case you have to use only an Indexer Cluster.
An Indexer Cluster requires at least:
You can find more information at https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/Basicclusterarchitecture
A Search Head Cluster requires at least:
You can find more information at https://docs.splunk.com/Documentation/Splunk/8.1.1/DistSearch/AboutSHC
Master Node must be a dedicated server.
Deployer is a role that can be shared with other roles (except: Search Head, Indexer, Master Node and Deployment Server).
Hardware and storage requirements depend on the data volume and searches; you can find more information at:
https://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements
https://docs.splunk.com/Documentation/Splunk/8.1.1/Capacity/Referencehardware
https://docs.splunk.com/Documentation/Splunk/8.1.1/Capacity/Estimateyourstoragerequirements
This is some information about Splunk HA, but remember that a Splunk architecture must be designed and planned with great care by a specialist (Splunk Architect).
Ciao.
Giuseppe