Hello I am testing Splunk Enterprise Multi-Site Cluster in my lab. The details of which are mentioned below : Site1 - Master , Index Peers 1 and 2 , Search Head , and 1 Universal Forwarder. Site2 - Index Peers 1 and 2, Search Head, and 2 Universal Forwarders. [clustering] mode = master multisite = true available_sites=site1,site2 site_replication_factor = origin:2,site1:1,site2:1,total:4 site_search_factor = origin:2,site1:1,site2:1,total:3 I am facing 2 issues : 1 - If I am checking logs on the other Search Head when the one in the site goes down , I am able to find those logs but , the name of the host from which the logs have come is shown as localhost. (I have proper DNS setup for both the sites.) 2 - My Master says that the replication factor has not been met. Please let me know if i have goofed up configuration or my assumptions are not right for a 2 site Multi-Cluster configuration. Aslo please let me know if any additional information is needed. CentOS 6.3 Splunk - 6.1.3 and splunkforwarder 6.1.3 ... View more