Could you help me with how to do this in the case where there are two indexers that are not in a cluster please?

Clustering is an internal thing of the indexers from the source's (in this case your search head's) point of view it doesn't matter. You just set the output group to both your indexers and you're good. If your indexers were clustered they'd replicate the incoming data among themselves. When they're not clustered only the one directly receiving event will hold it.

Hi @BRFZ ,

you have to go in [Settings > Forwarding and Receiving > Forwarding ] of your SHs and configure the forwarding of all logs to your indexers, inserting both your indexers.

This activity should be done on all your Splunk Servers except Indexers themselves (e.g. also on Deployment Server, if you have).

If you have not clustered indexers , it's the same thing in forwarding, obviously, if one of them is down, you'll have in your searches half of data.

Ciao.

Giuseppe

Thank you for your response. Could you help me with the second problem ? 

I have installed the add-on on the Search Head, and the index where the collected data is stored is located on the search head at the following path : '/opt/splunk/etc/apps/search/local/indexes.conf' 
How can I direct this index to both indexers that are not in a cluster ?

Hi @BRFZ ,

let me understand: are you using the SH to collect events?

this isn't a best practice.

Anyway, if you are forwarding events from the SH to the indexers, you should be ok.

Ciao.

Giuseppe

Yes, I installed an aadd-on on the search head, and I intend to send the data to the indexers for storage. However, the index was stored in this path /opt/splunk/etc/apps/search/local/indexers.conf instead of /opt/splunk/etc/system, so I don't see where I can configure the outputs to send the data.