Solved: Two smartstore S3 objects in single indexer cluste...

impurush · ‎01-20-2021

We are planning to move to Smartstore for the cold storage and we are having the on-prem multisite indexer cluster. We are having two S3 object storage created with our partners.

Can I point out the two different S3 object storage to each site? (I know the suggested solution is to have a single indexer cluster should have single S3 object storage)

What would be the best way to migrate from On-prem to Smartstore. Our configuration around 10 indexers with each 10 TB of data on the daily volume of 300 GB/day.

Thanks in advance!

richgalloway · ‎01-20-2021

Your indexer cluster should use a single object store for S2. Use the second as a replicate/backup, but do so in a manner transparent to Splunk. See https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/MultisiteSmartStore#Deploy_multisite_inde...

For the migration steps, see https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/MigratetoSmartStore

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎01-20-2021

Your indexer cluster should use a single object store for S2. Use the second as a replicate/backup, but do so in a manner transparent to Splunk. See https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/MultisiteSmartStore#Deploy_multisite_inde...

For the migration steps, see https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/MigratetoSmartStore

---
If this reply helps you, Karma would be appreciated.

Two smartstore S3 objects in single indexer cluster

smartstore

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application