Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Monitoring Console & SH deployer for multisite cluster

Somesh
Path Finder
‎09-16-2024 11:40 PM

I have seen the splunk documentation for setting up Splunk Multisite Cluster but I have not seen anything related to Monitoring Console & SH Deployer. Can some one suggest on how to setup these two ?

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-16-2024 11:46 PM

Hi @Somesh ,

could you better describe your requirement?

SHC-Deployer is a management system that must be configured for a Search Head Cluster in one of the two sites.

It doesn't require a secondary copy in the secondary site because the Search Head Cluster continues to work also without the Deployer, the only limitation is that you cannot deploy a new app until the Deployer will be again available.

At the same time, you can have one Monitoring Console, you have to configure using the documentation at https://docs.splunk.com/Documentation/Splunk/9.3.1/DMC/DMCoverview

You could also create a secondary server in the secondary site, but it isn't required for the activity.

Ciao.

Giuseppe

0 Karma
Reply

Somesh
Path Finder
‎09-17-2024 12:03 AM

Previously i had setup Single cluster with below requirements.

Indexer Cluster with 3 machines.

Search head with 3 machines.

manager, Monitoring Console & Sh Deployer with 1 machine.

Now I need to setup a multisite cluster with below requirements.

Site1

Indexers: 3

Search head: 2

Manager: 1

Site 2 

Indexers: 3

Search head: 2

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-17-2024 12:13 AM

Hi @Somesh ,

I don't like that the Cluster Manager and the SHC-Deployer is on the same server, I'd prefer a dedicated Cluster Manager, but what's the issue?

Both Indexers and Search Head Cluster continue to work also without Cluster Manager and Deployer so your infrastructure continue to work also in case od unavailability of Site1.

The real question should be: can my infrastructure manage the log volume and the searches?

If yes, you don't have issues.

Ciao.

Giuseppe

0 Karma
Reply

Somesh
Path Finder
‎09-17-2024 01:07 AM

Okay my question was In case if we want to setup deployer for multisite cluster should we follow the same procedure like we did on the Single Cluster

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-17-2024 01:47 AM

Hi @Somesh ,

yes, it's the same.

Only one attention point: configure on your Search Heads the search affinity.

This is relevant to have more performant searcheas and avoid that a Searc Head uses the other site Indexers, but mainly because otherwise a Search Head, when the primary site is down, continue to search also on the Site1 Indexers so it doesn't find a part of data.

I encountered this issue during an acceptance test!

Ciao.

Giuseppe

0 Karma
Reply

Somesh
Path Finder
‎09-17-2024 12:17 AM

Sorry! My bad!!  Manager & the SHC-Deployer each 1 machine.

 

So you suggest SHC-Deployer is not required for Mulitsite Cluster ?

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...