Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a mid-tier distributed search template #24

Open
halr9000 opened this issue Jun 2, 2017 · 5 comments
Open

Provide a mid-tier distributed search template #24

halr9000 opened this issue Jun 2, 2017 · 5 comments

Comments

@halr9000
Copy link

halr9000 commented Jun 2, 2017

Just ran into situation with a customer where neither single nor multi really fits well. First, for several reasons, I don't think we want to suggest that index replication is mandatory (and most customers don't use it today). And if that's not used, then the cluster master goes away.

By tossing in index replication, we are upping the EC2 count, the EBS sizes are impacted by the search & replication factor, and ongoing configuration is made much more complicated. If one doesn't have strict HA/DR requirements, then EBS snapshots will often suffice for continuity plans.

Therefore, I propose a new "distributed" or "mid" template that is closer to single, than multi. It would only create:

  • 1 search head
  • N indexers configured as search peers

And that's pretty much it.
@halr9000
Copy link
Author

halr9000 commented Jun 2, 2017

@billbartlett @rarsan thoughts?

@dbitincka
Copy link

dbitincka commented Jun 2, 2017 via email

@rarsan
Copy link
Contributor

rarsan commented Jun 6, 2017

@halr9000 this is really a tradeoff between configurability vs complexity as eluded to by @dbitincka.

So:

  1. How common is this configuration?
  2. How much complexity does it add (both implementation-wise and usage-wise)?

Re (1), choosing non-clustered indexers seems to be high value as you argued.
Re (2), supporting it is actually medium to low complexity:

  • for implementation: it's primarily about skipping the cluster-config step depending on toggle and instead act as a search peer. With configuration management tool, it's as simple as choosing the right Splunk role, be it standard indexer or cluster peer: you can readily switch out the roles via SplunkRole attribute as you can see here where we use Chef under the hood.
  • for usage: adding an input parameter to toggle clustering would be sufficient. As of now, AWS CloudFormation still doesn't have a way to conditionally show/hide parameters, so clustering-related form parameters (SF, RF, etc.) would just be ignored when clustering is disabled.

Seems worthwhile IMHO. PR are welcome!

@halr9000
Copy link
Author

Just had a 2nd customer need this mid-tier option.

@bcyates
Copy link

bcyates commented May 15, 2018

Any update on this? Would love a non-clustered option

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@halr9000 @rarsan @dbitincka @bcyates