Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I add an Index-Cluster to a Multisite-Index-Cluster

pinVie
Path Finder
‎09-14-2015 03:51 AM

Hello all,

I currently have a quite big splunk infrastructure with a multisite cluster (5 sites) each site has two indexer server. Additionally I have a smaller site with a completely independent Splunk Setup - it consists of several forwarders, a search head and one index-cluster (two server as well).

Is there any possibility to add this single index-cluster into the multisite cluster (as site Nr. 6) without loosing any data ?

Thx a lot for your help!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎09-14-2015 09:06 AM

So you want to add the Site 6 to the existing multisite cluster ? Yes, you can do that. Keep in mind that the existing data in Site 6 will still remain in Site 6 and will not be replicated to other sites. Any new data you index in Site 6 will follow the site policies and get replicated to other sites

View solution in original post

Reply
Solved! Jump to solution
Solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎09-14-2015 09:06 AM

So you want to add the Site 6 to the existing multisite cluster ? Yes, you can do that. Keep in mind that the existing data in Site 6 will still remain in Site 6 and will not be replicated to other sites. Any new data you index in Site 6 will follow the site policies and get replicated to other sites

Reply
Solved! Jump to solution

pinVie
Path Finder
‎09-14-2015 10:11 PM

Ok - thank you for this information. How would I do this ? Just remove the Cluster-Master for Site 6 and configure the "Multi-Site-Cluster-ClusterMaster" + the additional Multi-Site settings for the two indexers on site 6 ?

0 Karma
Reply
Solved! Jump to solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎09-14-2015 10:27 PM

yes. Update the Site 6 indexers Cluster Master URI to point to Multisite Cluster Master URI and add site = site6 values. That's all.

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...