Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Single search head and single indexer

timsheets13
Loves-to-Learn
‎06-15-2021 06:32 AM

I have seen in other threads that this questions has been asked before but I can't seem to find an answer.  I have a single "all in one" instance.  I have built another Splunk server and would like it to be a dedicated search head and leave the original as a dedicated indexer.

Is there a way to set this up without clustering?  Obviously, no cluster is needed with one of each Splunk server role.

THanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-15-2021 07:20 AM

Hi @timsheets13,

you have to see in [Settings -- Distributed Search] and configure the new machine as a Search Head, setting the old machine as a Search peer.

Cluster is another thing non applicable to your architecture.

You can find more infos at https://docs.splunk.com/Documentation/Splunk/8.2.0/DistSearch/Whatisdistributedsearch

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...