Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can you run multisite clusters with different OS?

fatemabwesnet
New Member
‎11-01-2021 11:59 AM

Hi,

 

I wanted to ask if multisite Splunk clusters can run different Operating systems without any issues.

For example, cluster on site1 runs CentOS on peers, SH cluster and master node, and we would like to deploy site2 cluster with ubuntu on all the cluster members. would that cause any problems with Splunk's functionality?

 

Thanks in advance.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-01-2021 03:03 PM

We had similar question lately 🙂

According to the docs, all cluster members should use the same splunk software version and the same operating system, but in my opinion it means that whole cluster must be linux-based or windows based. As long as you meet the minimal requirements, you're theoreticaly good to go.

But. From the maintenance point of view, I wouldn't mix the distributions, versions, releases and so on. Having inconsostent software across the cluster could result in some hard-to-debug and hard-to-reproduce errors.

If you're brave enough you could go for CentOS in one site and Ubuntu in the other but I'd definitely try some test environment first.

Oh, and while we're at it why not give Rocky Linux a go?

0 Karma
Reply

fatemabwesnet
New Member
‎11-01-2021 12:15 PM

Thanks! That's good to know. Since CentOS is going limited support soon, we were wondering if that is worth moving away from using CentOS and hence were thinking of trying out Ubuntu. 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-01-2021 12:20 PM
If you want to replace the whole cluster’s OS, you should ensure that all libraries, packages etc. a enough close to each other in version point of view. And keep splunk on exactly same level until you have switch OS for all nodes. And try to do this as soon as possible.

Disclaimer: I haven’t try this and I don’t give any guarantee that this will work! You will try it by your own risk!
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-01-2021 12:05 PM

Hi

probably you can run it with different OS versions if those are enough close by versions? Maybe even issues, but this will generate to you (a lot of) additional management overhead without real benefits. In curiosity, why you would like to do it? If you will got any issues and ask help from splunk support, I suppose that the first request will be the same OS on all nodes  

Personally I try to keep all nodes in same OS with same package and patch level. It’s match easier to manage with scripts an/or automation.

r. Ismo

 

0 Karma
Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...
Top