Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to manage accelerated datamodels in cluster ?

AKG1_old1
Builder
‎09-29-2020 08:32 AM

Hello,

We are planning to migrate single instance splunk installation to clustered deployment (1 MasterNode, 1 Search Head, 2 Indexer). we are using an App with accelerated datamodels.  

As per my understanding we can manage all datamodels from Search Head and datamodel should be accelerated on search head only.

Query 1: Can we deploy our full app with datamodels on indexers as well ? if no then what files need to be avoid deploying to indexers.
when we tried deploying full app on indexers its showing all accelerated datamodels on indexers as well. which I think wrong.

Query 2. Same question but for lookups. we are using many lookups as well. where should we keep all lookups ? (Search head OR indexers)  

Thanks

 

 

 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-29-2020 10:08 AM

Search heads coordinate acceleration of datamodels, but the accelerated data itself is stored on indexers.  You should be able to install your app on both the SH and indexers without a problem.

Lookups are sent from SH to indexers when a search begins.  Usually, this is not a problem, but when the lookup files get large then the search bundle can take too long to transfer and searches fail.  In that case, load the lookup files on the indexers and blacklist them from the search bundle.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...