Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

enabling search head on a single clustered indexer

sonicZ
Contributor
‎03-26-2019 08:12 AM

I am in a situation where we have a PROD and DR index cluster in seperate data centers.
Recently our prod index cluster has moved to an entirely new data center, The old data center will be decomissioned soon as well
So i need to enable splunkweb on one of our DR indexers so it can act as a SH and continue indexing.
I am not too worried about performance as search will just be needed on the rare occasion.

If anyone could advise will regular migration steps work?
- copy old prod SH config (apps/users/) to indexer directory
- enable splunkweb

One prod index cluster
-5 indexers
-2 clustered SH
-1 master(for cluster HA)

One DR index cluster
-4 indexers
-1 master

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-26-2019 08:30 AM

A Cluster Master is always a SH, although recommendation is not to use it as one
If you need only occasional/light use of it you could 'get away' with using the CM.
Obviously, this is not a recommendation for prod, but in a pinch...

Copy your apps/users as you have said, but you might want to disable any scheduled searches that run in your apps if you are just using it for ad-hoc searching

If my comment helps, please give it a thumbs up!

View solution in original post

Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-26-2019 08:30 AM

A Cluster Master is always a SH, although recommendation is not to use it as one
If you need only occasional/light use of it you could 'get away' with using the CM.
Obviously, this is not a recommendation for prod, but in a pinch...

Copy your apps/users as you have said, but you might want to disable any scheduled searches that run in your apps if you are just using it for ad-hoc searching

If my comment helps, please give it a thumbs up!
Reply
Solved! Jump to solution

sonicZ
Contributor
‎03-26-2019 10:23 AM

Hmm, that might be a last ditch option a bit leery using the cluster master since it was a very minimal VM resource wise.
Actually i found a couple of VM's i may just end up using, splunk support replied and said using a indexer as a SH in a cluster is not supported anymore.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...