- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I'm totally new to Splunk.
Please let know if any can explain what are the below searchhead, in perspective of installing an app.
1- AdHocSH
2-Premium SH
3-SH Cluster
4-IDM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


1 - An adhoc SH is a "normal" search head. It's called that because it's where users go to run interactive ("ad-hoc") searches.
2 - A Premium SH is a search head that runs a premium (extra fee) app such as Enterprise Security or ITSI.
3 - An SH Cluster is a cooperating collection of search heads. Members of an SHC keep knowledge objects in sync and share resources. A scheduled search may run on any member of the cluster.
4 - An IDM is a Splunk Cloud instance and not used in other environments. The Input Data Manager was created as a way to run inputs in Splunk Cloud outside a search head. This is before Splunk introduced the Victoria experience, which allows inputs on SHs and does not have an IDM.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot for your response 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


1 - An adhoc SH is a "normal" search head. It's called that because it's where users go to run interactive ("ad-hoc") searches.
2 - A Premium SH is a search head that runs a premium (extra fee) app such as Enterprise Security or ITSI.
3 - An SH Cluster is a cooperating collection of search heads. Members of an SHC keep knowledge objects in sync and share resources. A scheduled search may run on any member of the cluster.
4 - An IDM is a Splunk Cloud instance and not used in other environments. The Input Data Manager was created as a way to run inputs in Splunk Cloud outside a search head. This is before Splunk introduced the Victoria experience, which allows inputs on SHs and does not have an IDM.
If this reply helps you, Karma would be appreciated.
