Can you run multisite clusters with different OS?

fatemabwesnet
New Member

Hi,

 

I wanted to ask if multisite Splunk clusters can run different Operating systems without any issues.

For example, the cluster on site1 runs CentOS on peers, SH cluster and master node, and we would like to deploy the site2 cluster with Ubuntu on all the cluster members. Would that cause any problems with Splunk's functionality?

 

Thanks in advance.

0 Karma

PickleRick
SplunkTrust

We had a similar question lately 🙂

According to the docs, all cluster members should use the same Splunk software version and the same operating system, but in my opinion it means that the whole cluster must be Linux-based or Windows-based. As long as you meet the minimal requirements, you're theoretically good to go.

But. From the maintenance point of view, I wouldn't mix the distributions, versions, releases and so on. Having inconsistent software across the cluster could result in some hard-to-debug and hard-to-reproduce errors.

If you're brave enough you could go for CentOS in one site and Ubuntu in the other but I'd definitely try some test environment first.

Oh, and while we're at it why not give Rocky Linux a go?

0 Karma

fatemabwesnet
New Member

Thanks! That's good to know. Since CentOS is going to limited support soon, we were wondering if it is worth moving away from using CentOS and hence were thinking of trying out Ubuntu.

0 Karma

isoutamo
SplunkTrust

If you want to replace the whole cluster’s OS, you should ensure that all libraries, packages etc. are close enough to each other from a version point of view. And keep Splunk on exactly the same level until you have switched the OS for all nodes. And try to do this as soon as possible.

Disclaimer: I haven’t tried this and I don’t give any guarantee that this will work! You will try it at your own risk!
0 Karma

isoutamo
SplunkTrust

Hi

Probably you can run it with different OS versions if those are close enough by version? Maybe even issues, but this will generate (a lot of) additional management overhead for you without real benefits. Out of curiosity, why would you like to do it? If you get any issues and ask for help from Splunk support, I suppose that the first request will be the same OS on all nodes.

Personally I try to keep all nodes on the same OS with the same package and patch level. It’s much easier to manage with scripts and/or automation.

r. Ismo

 

0 Karma