Hi all,
I've got a couple of questions with regard to Enterprise Security, PCI and Search Head Clustering. We are initially going to be indexing 200GB/day but this will definitely grow beyond that within the next 2 years or so:
If we decided to buy Enterprise Security and implement search head clustering, the minimum number of nodes we need is 3. If we also want non-ES Search Heads, I'm assuming these will need to be outside the ES Cluster, correct?
If we also wanted search head clustering on the non-ES search heads, would that then require another 3 nodes and therefore we would require 6 Search Heads in total across 2 Search Head Clusters (ES and non-ES)?
Splunk also recommends a dedicated search head for the PCI app so you can probably guess what I'm going to ask next. Would we then need another 3 search heads in a new cluster for the PCI app? That's 9 already!
Would each search head cluster require its own deployer?
Thanks,
J