Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

When configuring search head cluster data forwarding to the search peer (indexer) layer, should the server attribute in the tcpout: stanza of the output.conf specify each peer in the indexer cluster or can it point to the cluster master?

transtrophe
Communicator
‎03-28-2015 07:11 PM
 
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-29-2015 06:02 AM

Outputs.conf need to point to each indexer in your instance, not the cluster master. The cluster master doesn't designate to members where to index, but where to search.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

transtrophe
Communicator
‎03-29-2015 08:14 AM

OK, thanks. I will make the configuration of outputs.conf accordingly. It does seem that this mechanism adds to the management complexity of forwarding the internal search head member data to the index cluster (which is indicated as a best practice), especially if the members of an index cluster are going to grow as the index cluster needs to grow for capacity/performance reasons.

On the other hand, using shc deployers to push the configuration changes to the shc members reduces some of this administrative burden, I suppose.

It's kind of too bad that the outputs.conf can't just point to the index cluster master node and let some internal mechanisms between the index cluster master and the shc members take care of the forwarding interactions, but if that's not how it works that's just the way it is - lol.

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-29-2015 06:02 AM

Outputs.conf need to point to each indexer in your instance, not the cluster master. The cluster master doesn't designate to members where to index, but where to search.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...