Arcitecture
구성
master 1 대
site 5 개
searchead site 당 1대
peer site 당 3대
rockylinux 9.x
RAM 2GB
disk 20GB ~
마스터 site 구성
cli
splunk edit cluster-config -mode manager -multisite true -available_sites site1,site2,site3,site4,site5 -site site1 -site_replication_factor origin:3, site1:3,total:6 -site_search_factor origin:3, site1:3,total:6 -secret your_key
splunk restartserver.conf
site indexer 구성
splunk edit cluster-config -mode peer -site site1 -manager_uri https://masterIP:8089 -replication_port 9887 -secret your_key
splunk restartserver.conf
site searchHead 구성
splunk edit cluster-config -mode searchhead -site site1 -manager_uri https://masterIP:8089 -secret your_key
splunk restartserver.conf
site_replication_factor
https://docs.splunk.com/Documentation/Splunk/9.2.2/Indexer/Sitereplicationfactor
site_search_factor
https://docs.splunk.com/Documentation/Splunk/9.2.2/Indexer/Sitesearchfactor
