Hi all,
I have an architecture with a search head cluster (3 members) and and 2 indexers, that are not in cluster.
Which is the best way to turn the 2 indexers in a indexer cluster and then add it to the search head cluster?
Thanks in advance.
Hi,
To create a new Indexer Cluster, you need a additional Splunk machine to use as Cluster Master.
You can use this documentation to configure a New Cluster Master.https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/ConfiguremanagerwithCLINotice that you can use only a max of 2 in Replication and Search Factor because you have only two Indexers.Add your indexers to Cluster following this documentation:https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/ConfigurepeerswithCLIThe last step is add your Search Head Cluster nodes to Indexer Cluster using this documentation:https://docs.splunk.com/Documentation/Splunk/8.1.1/DistSearch/SHCandindexercluster*Consider that in an Indexer Cluster it is recommended to have at least 3 Indexers.
Splunk has a document for that. See https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/Migratenon-clusteredindexerstoaclusterede...
