Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Multiple Search Heads in a Cluster

hvandenb
Path Finder
‎03-05-2014 09:33 AM

We're setting up an Index Cluster with a Master Node. From the documentation it looks like the Cluster will take care of replicating data and configuration between the Indexers. However, we're also wanting to have multiple search heads that work with the cluster.

What have people used to setup the search heads behind a load balancer. Do we need to use shared storage for the search heads or is there better configuration?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-05-2014 12:02 PM

you're looking for search head pooling: http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Configuresearchheadpooling

0 Karma
Reply
Solved! Jump to solution

hvandenb
Path Finder
‎03-06-2014 11:30 AM

I remember seeing a press on conf2013 about this as well. Basically, only the knowledge items need to be shared on the search heads.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 10:05 AM

@gkanapathy did mention something similar to that in his Architecting for Scale talk at .conf 2012, maybe he can shed some light on viable alternatives to search head pooling.

0 Karma
Reply
Solved! Jump to solution

hvandenb
Path Finder
‎03-06-2014 08:11 AM

Thanks for the answer. I'd like to avoid using shared storage as this adds complexity. I heard that some folks rsync knowledge bundles between search heads. We don't plan on running scheduled searches on the search heads, but rather have a separate server for that.
Have you seen this as an option?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...