Deployment Architecture

Where can I find detailed documentation on best practices deploying search head and indexer clusters?

rewritex
Contributor

There is quite a lot of documentation about doing a Splunk deployment and I just want to see if anyone has a consolidate source/weblink on the subject. I am currently putting together a cluster and reading up on the activities ... I have a simple setup running now with a search head cluster and an indexer cluster, but I have many questions on a few things, do's-don'ts, best method, howto's ...etc

  1. Looking for step-by-steps docs on bringing in my indexed data and search apps/configs ... 1a. looking for current step-by-step cluster deployment docs/links!
  2. Looking for any purty and nice workflows with pop-up pictures ...
  3. Do I need a deployer, deployment server, master, and license server?
  4. Is a captain for search heads a current thing?

Thank you!

0 Karma
1 Solution

Steve_G_
Splunk Employee
Splunk Employee

This is a good place to start:

http://docs.splunk.com/Documentation/Splunk/6.4.1/Deploy/Indexercluster

It provides an overview procedure for deploying an indexer cluster (with, optionally, a search head cluster), with links out to other material that contains all the detailed steps. Setting up both indexer cluster and search cluster requires extensive configuration, so go through that high-level procedure carefully and follow all the links to the detailed procedures.

Also, regarding your other questions:

3) You might be able to combine the functionality of master and deployer, depending on your load. See: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/Systemrequirements#Additional_roles_for_th...

4) In a search head cluster, the captain is the member that controls the cluster. See http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/SHCarchitecture#Search_head_cluster_cap...

View solution in original post

Steve_G_
Splunk Employee
Splunk Employee

This is a good place to start:

http://docs.splunk.com/Documentation/Splunk/6.4.1/Deploy/Indexercluster

It provides an overview procedure for deploying an indexer cluster (with, optionally, a search head cluster), with links out to other material that contains all the detailed steps. Setting up both indexer cluster and search cluster requires extensive configuration, so go through that high-level procedure carefully and follow all the links to the detailed procedures.

Also, regarding your other questions:

3) You might be able to combine the functionality of master and deployer, depending on your load. See: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/Systemrequirements#Additional_roles_for_th...

4) In a search head cluster, the captain is the member that controls the cluster. See http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/SHCarchitecture#Search_head_cluster_cap...

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...