Search head and indexer clustering overview
Clustering is a vast topic, and there is an administration course available from Splunk Education that covers it. In this section, you are going to learn the essentials of clustering in a distributed search context.
Clustering is the concept of grouping similar instance types to work toward a common goal by sharing the same configurations and objects, which allows resources to be highly available and resilient. Let’s look at the two types of clustering in the following subsections.
Search head clustering
The search head in Splunk is the primary component responsible for managing user queries and coordinating the search process. Whether a search query is submitted through the Splunk user interface, the Command-Line Interface (CLI), or an API, the search head receives the query and takes charge of the search. It distributes the query to the appropriate indexers, collects and merges...