Planning redundancy

The term redundancy can mean different things, depending on your concern. Splunk has features to help with some of these concerns, but not others. In a nutshell, up to and including Version 4.3, Splunk is excellent at making sure that data is captured but in the earlier versions, it provided no tangible mechanism for reliably replicating data across multiple indexers. Starting with Splunk version 5, Splunk added data replication features that can eliminate most of these concerns. Let's take a quick look at the topic now.

The replication factor

When setting up a Splunk indexer cluster, you stipulate the number of copies of data that you want the cluster to maintain. Peer nodes store incoming data in buckets, and the cluster maintains ...

Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk - Second Edition by Vincent Bumgarner, James D Miller

Planning redundancy

The replication factor

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly