Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Can I add an Index-Cluster to a Multisite-Index-Cluster

pinVie
Path Finder
‎09-14-2015 03:51 AM

Hello all,

I currently have a quite big splunk infrastructure with a multisite cluster (5 sites) each site has two indexer server. Additionally I have a smaller site with a completely independent Splunk Setup - it consists of several forwarders, a search head and one index-cluster (two server as well).

Is there any possibility to add this single index-cluster into the multisite cluster (as site Nr. 6) without loosing any data ?

Thx a lot for your help!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎09-14-2015 09:06 AM

So you want to add the Site 6 to the existing multisite cluster ? Yes, you can do that. Keep in mind that the existing data in Site 6 will still remain in Site 6 and will not be replicated to other sites. Any new data you index in Site 6 will follow the site policies and get replicated to other sites

View solution in original post

Reply
Solved! Jump to solution
Solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎09-14-2015 09:06 AM

So you want to add the Site 6 to the existing multisite cluster ? Yes, you can do that. Keep in mind that the existing data in Site 6 will still remain in Site 6 and will not be replicated to other sites. Any new data you index in Site 6 will follow the site policies and get replicated to other sites

Reply
Solved! Jump to solution

pinVie
Path Finder
‎09-14-2015 10:11 PM

Ok - thank you for this information. How would I do this ? Just remove the Cluster-Master for Site 6 and configure the "Multi-Site-Cluster-ClusterMaster" + the additional Multi-Site settings for the two indexers on site 6 ?

0 Karma
Reply
Solved! Jump to solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎09-14-2015 10:27 PM

yes. Update the Site 6 indexers Cluster Master URI to point to Multisite Cluster Master URI and add site = site6 values. That's all.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...