Deployment Architecture

Where can I find detailed documentation on best practices deploying search head and indexer clusters?

rewritex
Contributor

There is quite a lot of documentation about doing a Splunk deployment and I just want to see if anyone has a consolidate source/weblink on the subject. I am currently putting together a cluster and reading up on the activities ... I have a simple setup running now with a search head cluster and an indexer cluster, but I have many questions on a few things, do's-don'ts, best method, howto's ...etc

  1. Looking for step-by-steps docs on bringing in my indexed data and search apps/configs ... 1a. looking for current step-by-step cluster deployment docs/links!
  2. Looking for any purty and nice workflows with pop-up pictures ...
  3. Do I need a deployer, deployment server, master, and license server?
  4. Is a captain for search heads a current thing?

Thank you!

0 Karma
1 Solution

Steve_G_
Splunk Employee
Splunk Employee

This is a good place to start:

http://docs.splunk.com/Documentation/Splunk/6.4.1/Deploy/Indexercluster

It provides an overview procedure for deploying an indexer cluster (with, optionally, a search head cluster), with links out to other material that contains all the detailed steps. Setting up both indexer cluster and search cluster requires extensive configuration, so go through that high-level procedure carefully and follow all the links to the detailed procedures.

Also, regarding your other questions:

3) You might be able to combine the functionality of master and deployer, depending on your load. See: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/Systemrequirements#Additional_roles_for_th...

4) In a search head cluster, the captain is the member that controls the cluster. See http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/SHCarchitecture#Search_head_cluster_cap...

View solution in original post

Steve_G_
Splunk Employee
Splunk Employee

This is a good place to start:

http://docs.splunk.com/Documentation/Splunk/6.4.1/Deploy/Indexercluster

It provides an overview procedure for deploying an indexer cluster (with, optionally, a search head cluster), with links out to other material that contains all the detailed steps. Setting up both indexer cluster and search cluster requires extensive configuration, so go through that high-level procedure carefully and follow all the links to the detailed procedures.

Also, regarding your other questions:

3) You might be able to combine the functionality of master and deployer, depending on your load. See: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/Systemrequirements#Additional_roles_for_th...

4) In a search head cluster, the captain is the member that controls the cluster. See http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/SHCarchitecture#Search_head_cluster_cap...

Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...