Hi
In my company we are have 8 Search heads.
we want to change it into search head cluster.
what all the configuration i need to change please help me with this.
This is bit elaborative process and would require a Splunk admin who is well versed in SH clustering (or request for Professional services)
This is bit elaborative process and would require a Splunk admin who is well versed in SH clustering (or request for Professional services)
Unless you have way too many search heads, I would add one to make it odd 9 (instead of reduce 1), because being part of a Search Head Cluster adds overhead that will make the capacity of each one a little bit less.
Additionally refer to below document too:
https://docs.splunk.com/Documentation/Splunk/7.2.6/DistSearch/Migratefromsearchheadpooling