Configure a cluster deployment
A cluster is a group of of Splunk Enterprise nodes (indexers) configured to replicate each others' data, so that the system keeps multiple copies of all of the data. This process is known as index replication. By maintaining multiple, identical copies of the data, clusters prevent data loss while promoting data availability for searching.
An overview of clusters
A cluster contains the following nodes:
- A single master node to manage the cluster. The master node is a specialized type of indexer.
- Several peer nodes that handle the indexing function for the cluster, indexing and maintaining multiple copies of the data and running searches across the data.
- One or more search heads to coordinate searches across all the peer nodes.
There are additional configuration steps, beyond what's needed for a stand-alone indexer, for setting up a cluster. For more information, see "About clusters and index replication" in the "Managing Indexers and Clusters" manual.
Before you set up a cluster, read the topic "Key differences between clustered and non-clustered deployments" in the Splunk Enterprise documentation to set up a cluster.
Configure a cluster for the Splunk App for NetApp Data ONTAP
The Splunk App for NetApp Data ONTAP requires a stable and supportable Splunk installation.
To set up a cluster environment for the Splunk App for NetApp Data ONTAP:
- Read the topic "Deployment overview". This topic describes the main steps to deploying clusters.
- Follow the instruction in "How to distribute apps to all the peers" to distribute apps across all the peers.
This topic discusses the specific requirements for the Splunk App for NetApp Data ONTAP in a clustered environment.
- Determine the nodes you want to set up as the master node, peer nodes and search head nodes. Also decide what replication factor you want to implement. The replication factor is the number of copies of raw data that the cluster maintains. It should be less than or equal to the number of search peers (slave nodes).
- Install the Splunk App for NetApp Data ONTAP on the search head, master nodes, and search peers under the
$SPLUNK_HOME/etc/apps
directory. - Follow the instructions in Deploy a cluster to enable the master node, the peer nodes, and the search head for a clustered environment.
- Delete SA-Utils from the master-apps directory before issuing the 'apply cluster-bundle' command. If SA-Utils is deployed, it will prevent the UI on any indexers from starting up.)
- To configure indexes across cluster peers, read "Configure the peer indexes". The Splunk App for NetApp Data ONTAP uses the "ontap" index. On the master node, add the new "ontap" index to the
$SPLUNK_HOME/etc/master-apps/_cluster/local/indexes.conf
file to make the ONTAP data available. When you add a new index stanza, set therepFactor
attribute toauto
. This causes the index's data to be replicated to other peers in the cluster. Note: To add a new index to a cluster, directly editindexes.conf
. You cannot add an index via Splunk Web or the CLI. This step makes the NetApp data available to the cluster.[ontap]
repFactor=auto
- On the master node, to distribute the configuration bundle to the search peers, log in to Splunk Web or use the CLI. Distribute the bundle in the
$SPLUNK_HOME/etc/master-apps directory
. $SPLUNK_HOME/etc/slave-apps/_cluster/local/indexes.conf
is updated on all the search peers with the index configuration added on the master node.- This step is optional.To distribute apps to all peers and share them across the cluster:
- Read the topic How to distribute apps to all peers. Add each app under
$SPLUNK_HOME/etc/master-apps/<app-name>
. Distribute the following Splunk App for NetApp Data ONTAP components to all search peers:/SA-Hydra
/SA-Utils
/splunk_app_netapp
/Splunk_TA_ontap
- On the search peers, check that the app files exist under
$SPLUNK_HOME/etc/slave-apps/<app_name>
.
- Read the topic How to distribute apps to all peers. Add each app under
- When you have installed the app on the search head node, master node, and search peers and you have set up the cluster, follow the instruction in "Create a data collection node" described in this manual to get your data collection nodes.
- Data collection nodes are managed by the scheduler, on the master node. Log in to Splunk Web and navigate to the Collection Configuration dashboard. Register all new data collection nodes individually with the scheduler, specify the associated filers, and have them forward data to the indexers, then start the scheduler. See the "Add a data collection node" topic in this manual for instructions.
- Log in to the data collection nodes and check that data is being forwarded to the indexers in the cluster.
- When you have installed and configured the app in your environment, you can log in to Splunk Web on the search head to view the Splunk App for NetApp Data ONTAP dashboards and use the app.
Sharing apps in a cluster
The master node distributes new or edited configuration files or apps across all the peers. Follow the instructions in the topic "Update common peer configurations and apps" to share apps in a cluster.
For example, to share a saved search across the peer nodes, add the saved search to $SPLUNK_HOME/etc/master-apps/<app-name>/
.
Update the savedsearches.conf
file.
Log in to Splunk Web on the cluster master and push the configuration bundle.
You can see the apps in $SPLUNK_HOME/etc/slave-apps/<app-name>/
.
Managing configuration changes
Once the Splunk App for NetApp Data ONTAP has been distributed to the set of peers, you launch and manage it on each peer with Splunk Web. See "Managing app configurations and properties" in the Admin Manual.
Configure search head pooling | Configure data models |
This documentation applies to the following versions of Splunk® App for NetApp Data ONTAP (Legacy): 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3
Feedback submitted, thanks!