The Splunk documentation for the Enterprise Security App lists support for single-site cluster architectures. I am planning a large ES installation across multiple geographical locations and want to know whether the ES app (latest version) is able to support a multi-site cluster architecture.
The Enterprise Security app Deployment planning topic on Clustering has been updated to show support for multisite clustering. Please note that a single-site or multi-site cluster architecture can have one search head or search head pool with a running instance of the Splunk App for Enterprise Security. Any other search heads cannot run the Enterprise Security app.