Splunk Search

Add clustered search peers (indexers) to standalone search head?

Builder

Hello,

is it possible to add clustered search peers (indexers) to standalone search head?

Thanks.

0 Karma

SplunkTrust
SplunkTrust

Yes, follow below instructions to add a search head to query Indexer cluster.

http://docs.splunk.com/Documentation/Splunk/6.5.0/Indexer/Enablethesearchhead#Enable_the_search_head...

Builder

Dear Somesh,

finally I've added search peers (indexers of the cluster) in distributed search of the new sh and it looks good!

I don't want any sync or replication of clustered search heads.

Thanks a lot.

0 Karma

Builder

Hello, we have an app (app_authentication) used to deploy authorize.conf and authentication.conf on our shcluster. Does it mean that I only need to disable deployment of this app on the new search head and configure users/roles locally? Thanks a lot.

0 Karma

SplunkTrust
SplunkTrust

You would've to create a copy of that app, make required permissions changes in the app and deploy updated app to your Standalone SH.

0 Karma

Builder

Can't we just add search peers (clustered indexers) in "Settings / distributed search / search peers" from the new sh?

The aim is to avoid that that additionnel search head becomes part of the cluster.

Thanks for your help.

0 Karma

SplunkTrust
SplunkTrust

A search in an indexer cluster will still be behaving a regular SH only. The benefits of configuring search peers by adding SH to cluster is that you don't have to make changes in SH if there is change in the Indexer cluster (you add or remove search peers from cluster). See this for comparison of both methods

http://docs.splunk.com/Documentation/Splunk/6.5.0/Indexer/Configurethesearchhead#Search_heads_runnin...

0 Karma

Builder

The aim for that standalone search head is to have different permissions for existing clustered indexes. Is it possible with your solution?
Thanks.

0 Karma

SplunkTrust
SplunkTrust

The permissions are handled at role level on Search Head, so you should be able to manage index level permission per your need.