We have a single server that is running indexer, master and search head. As we only have 1 server, it is a single point of failure.
We were thinking of putting in place a Splunk cluster solution, so our Splunk infrastructure would be resilient.
To deploy a Splunk cluster, we were thinking of using 2 servers:
* Server A: Indexer, master, search head.
* Server B: Indexer, master in standby, search head.
The documentation (https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Keydifferences) says "The master node, peer nodes, and search head must each run on its own instance."
Does anyone know why the 3 components have to be in different instances?