Deployment Architecture

Why we are integrating the search head cluster to indexer cluster?


I don't know what is the use of doing this.I am attaching the link:

0 Karma


If you don't configure each search head to search all the peers in the indexer cluster, you won't have it working properly.

The search head cluster is a cluster in an horizontal way, the search heads share configuration and other knowledge objects (this can be customized) and then you need to configure each one of them for the vertical link with the indexing layer, in the same Distributed Searches always worked in Splunk.

I know it would be cool if the captain search head talked to the cluster master, and then inform the others but at this stage that sounds much more complicated to do.

I hope I threw some light in there 🙂

0 Karma


You won't have to update the search peer list on the search heads.
If you don't have a search head cluster or an index cluster then you don't need to do it

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...