Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to separate indexer and search head apart?

muradgh
Path Finder
‎11-30-2022 12:49 AM

Hi Splunkers

I currently have one Splunk machine that has two rules at once (a search head and an indexer) and I want to separate each rule from another with its own separate machine.

Is there a way to do such action? if so, what are the steps to do so?

Thanks.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-30-2022 01:01 AM

Hi @muradgh,

you have to:

  • install a new server with the correct hardware reference,
  • install Splunk on it,
  • configurate it to work with a Forwarder license,
  • forward all logs to the other server,
  • configure it as Searche Haed that uses the other server
  • use it for the searches.

for more information you can see at https://docs.splunk.com/Documentation/Splunk/9.0.2/DistSearch/Whatisdistributedsearch

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-30-2022 01:01 AM

Hi @muradgh,

you have to:

  • install a new server with the correct hardware reference,
  • install Splunk on it,
  • configurate it to work with a Forwarder license,
  • forward all logs to the other server,
  • configure it as Searche Haed that uses the other server
  • use it for the searches.

for more information you can see at https://docs.splunk.com/Documentation/Splunk/9.0.2/DistSearch/Whatisdistributedsearch

Ciao.

Giuseppe

Reply
Solved! Jump to solution

muradgh
Path Finder
‎11-30-2022 02:55 AM

Thank you @gcusello ^^

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎11-30-2022 03:02 AM

Hi @muradgh,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...