Re: Add a standalone search head

jwilliams · ‎08-23-2020

Hello,

I have a single splunk indexer. How do I add a search head? I do not have an index cluster. At this time I have a single indexer but may go to two indexers. Documentation talks about index cluster which I do not have.

My simple goal was to have a search head and a indexer or two indexers.

This is a new user type question running version 8.

Thanks in Advance,

Jim

sduff_splunk · ‎08-23-2020

https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/Configuredistributedsearch

Probably the easiest way to do this is via the Search Head's WebGUI. Log in as an admin, and go to Settings > Distributed Search. Then click on Search Peers. Provide your indexer's IP or FQDN, https://indexer_address:8089 and admin credentials for the indexer. Click Save, and you will have linked the search head with the indexer.

You can also use CLI or .conf files to do so, but I think the WebGUI illustrates it best.

Add a standalone search head

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation