Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)



This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Create a Cluster from an OVA installation

Converting a virtual machine to a server or cluster node is a one-way operation. It cannot be reverted.

Build a cluster with a single Shared Services server

The most basic version of a cluster is a single Shared Services server connected to multiple instances of Splunk SOAR (On-premises).

This configuration is not recommended for production use. This mode is primarily intended for Proof of Value or demonstrations. A single Shared Services server becomes a single point of failure. Any problems on the Shared Services server impact your entire cluster.

Use the following checklist for a Single Shared Services server.

Number Task Description
1 Create the Shared Services server.
  1. Install a privileged instance of Splunk SOAR (On-premises) using RPM. See Install to an existing server with RPM.
  2. Run the make_server_node.pyc script to build your Shared Services server. See Run make_server_node.pyc.
2 Install cluster nodes.
  1. Install Splunk SOAR (On-premises) as a virtual machine image, once for each node you need in your cluster. See Install as a virtual appliance.
  2. Make the first cluster node. See Run make_cluster_node.pyc.
  3. Make additional cluster nodes.

Build a cluster with external services

Build a more robust cluster by putting each of the services on its own server or group of servers to serve multiple cluster nodes of Splunk SOAR (On-premises).

Use the following checklist for a virtual machine image cluster with external services:

Number Task Description
1 Create the HAProxy node.
  1. Install a privileged instance of Splunk SOAR (On-premises) using RPM. See Install to an existing server with RPM.
  2. Run make_server_node install proxy. See Run make_server_node.pyc.
2 Create the PostgreSQL node.
  1. Install a privileged instance of Splunk SOAR (On-premises) using RPM. See Install to an existing server with RPM.
  2. Run make_server_node install db. See Run make_server_node.pyc.
3 Create the file shares node.
  1. Install a privileged instance of Splunk SOAR (On-premises) using RPM. See Install to an existing server with RPM.
  2. Run make_server_node install fs. See Run make_server_node.pyc.
4 Create the Splunk Enterprise node.
  1. Install a privileged instance of Splunk SOAR (On-premises) using RPM. See Install to an existing server with RPM.
  2. Run make_server_node install splunk. See Run make_server_node.pyc.
5 Install cluster nodes.
  1. Install Splunk SOAR (On-premises) as a virtual appliance, once for each node you need in your cluster. See Install as a virtual appliance.
  2. Run make_cluster_node.pyc to make the first cluster node. See Run make_cluster_node.pyc.
  3. Make additional cluster nodes.
Last modified on 22 September, 2021

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1

