The topic in the Capacity Planning Manual just covers the relative requirements for search heads and indexers, based on your capacity needs.

If you set up an indexer cluster, there are a large number of other issues that you need to accommodate, including the cluster node requirements. Those are not specifically related to capacity concerns, and thus are not covered in the Capacity Planning Manual.

Rather, look in the Managing Indexers and Clusters of Indexers manual, where indexer clusters are covered in detail. Specifically, read the systems requirements topic: https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Systemrequirements

Hi psaminadin,
Cluster Master and Master Node are the same thing!
When you speak of "recommendation page" are you speaking of Hardware reference o what else?
If you're speaking of Hardware reference, there isn't any reference for CM, but if you run an Health Check from the Monitoring Console, youll' have a warning for the configuration, that should be at least 12 CPUs and 12 GB of RAM.

Cluster Master MUST have a dedicated server, can eventually be shared with low impact instances as Deployer or License Master, but NEVER with Deployment Server, Indexer or Search Head.

As you can see at https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Systemrequirements , there are some main issues to note:

• Each cluster node (master, peer, or search head) must reside on a separate Splunk Enterprise instance;
• Each node instance must run on a separate machine or virtual machine, and each machine must be running the same operating system;
• All nodes must be connected over a network;
• There are strict version compatibility requirements between cluster nodes (they must have the same Splunk version).

Ciao.
Giuseppe