Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Is it possible to set up a Splunk deployment with just 1 indexer and 1 search head?

Jarohnimo
Builder
‎07-14-2016 03:12 PM

Is it possible to set up Splunk with Just 1 Indexer, and 1 Search head? I began to attempt this through the Distributed Management Console, but received a nasty warning about not setting up DMC on a box that would be a SH as it would not be supported by Splunk. Is DMC not the way to go for this?

Is it possible to have a setup with only 2 servers (1 sh, 1 indexer)? If so, can someone please provide clear instruction on how to do so as this wasn't clear in the Splunk documentation I've read.

Respectfully,

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-16-2016 03:57 PM

Here's all you need to know about adding a search peer (indexer) to a search head: http://docs.splunk.com/Documentation/Splunk/6.4.2/DistSearch/Configuredistributedsearch

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-16-2016 03:57 PM

Here's all you need to know about adding a search peer (indexer) to a search head: http://docs.splunk.com/Documentation/Splunk/6.4.2/DistSearch/Configuredistributedsearch

Reply
Solved! Jump to solution

Jarohnimo
Builder
‎07-16-2016 04:05 PM

Thank you, I'd like to vote yours as the correct answer but i'm unsure how to do so. It's only allowing me to accept the first person's response as the answer.. smh

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-25-2016 01:49 PM

I have converted the comment, so if this answers your question you can accept it as such.

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎07-14-2016 05:32 PM

The Small enterprise deployment: Single search head with multiple indexers describes a close enough scenario.

It shows -

alt text

In one of the original courses, they show a transition from one Splunk server to the original one as the Indexer and a new one as a SH. So, what you are trying to do is legitimate ; -)

Preview file
39 KB
Reply
Solved! Jump to solution

Jarohnimo
Builder
‎07-25-2016 06:09 PM

I downvoted this post because not the best answer

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-16-2016 01:31 AM

Works just fine, just make sure you have the spare capacity to run a few scheduled things from the DMC.

0 Karma
Reply
Solved! Jump to solution

Jarohnimo
Builder
‎07-16-2016 03:51 PM

Can some one provide a how to guide link? I'm unable to find actual instructions on how to set this up. I find lots of articles that tal about the concept and the technology but nothing as granular as.
Cd to bin and type splunk add indexer ..... <--- does something like this exist ? If so is it possible to setup via DMC?

0 Karma
Reply
Solved! Jump to solution

Jarohnimo
Builder
‎07-15-2016 08:13 PM

Anyone have any experience in this? I'm insure of how to set it up as DMC gives me that warning

I imagine there probably a way to do it all through command line if DMC doesn't support . Any direction or walk through / how to's to on how to make this happen is appreciated.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...