Splunk Search

Can one Search Head Cluster search across multiple Indexer Clusters?

earakam
Path Finder

Hi,

I am wondering if one Search Head Cluster can search across multiple Indexer Clusters.
I have found this doc http://docs.splunk.com/Documentation/Splunk/6.3.3/Indexer/Configuremulti-clustersearch
but it doesn't particularly say anything about a Search Head Cluster.
Can someone tell me if it's possible and where I can find the documentation?

Thank you.

1 Solution

muebel
SplunkTrust
SplunkTrust

Yup, you can add multiple index clusters as search peers, and searches will be distributed as appropriate.

View solution in original post

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Yes you can configure multiple indexer cluster in search head cluster, please refer http://docs.splunk.com/Documentation/Splunk/6.3.3/Indexer/Configuremulti-clustersearch

It's running fine in our environment.

0 Karma

smudge797
Path Finder

Tried to add it and listed the master connected. But then it flaps about not being able to communicate with the license server. Which is odd as the mast is also the license master. Any ideas?

0 Karma

muebel
SplunkTrust
SplunkTrust

Yup, you can add multiple index clusters as search peers, and searches will be distributed as appropriate.

0 Karma

earakam
Path Finder

hi muebel,

thanks for the prompt response!
do you possibly know where i can find the documentation for that?

thanks

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

Any proposals or recommendations for us.

When we have two multisite clusters where we want to connect from one search head cluster, should I name those site 1 to 2 and then 3 to 4 and use 1 & 2 again with shc sites (which are physically same as in MSC 1) or should SHCs has also own site numbers? All those sites are in separate network zone /segments. On MSC there haven’t any primary and secondary sites.

Currently site1 and site2 are already in “production” use. Secondary MSC is just under constructions as nes SHC which will be replace current on site1 & site2.

R. Ismo

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...