From a search head, how can we know which instance is the captain and which are members for that specific search head cluster?

gunturu_nagasri
Explorer

How can this be viewed from Splunk Web using the S.o.S - Splunk on Splunk app in Splunk based on time?

jplumsdaine22
Influencer

Don't know about Splunk on Splunk, but you can view all the information in the Distributed Management Console.

hexx
Splunk Employee

First, there are no plans to add views to the S.o.S app that will provide visibility & introspection for Search Head Clustering.

The good news, however, is that the Distributed Management Console ships with Search Head Clustering dashboards as of Splunk Enterprise 6.3!

Most notably, the very first view titled "Status and Configuration" provides an overview of your Search Head Cluster(s) and will show a list of cluster members and point out the captain.

Do note that this information is not available directly from search-heads that are members of the cluster as the DMC is not supported there - you'll need to set up an instance outside of the cluster (typically, the app deployer) to be the DMC and monitor the cluster from outside.

jplumsdaine22
Influencer

Also, the following search on a cluster member will tell you the captain:

| rest splunk_server=local /services/shcluster/captain/info | rename label as Captain | fields Captain

lguinn2
Legend

Although on the command line on any search head, you can run

splunk show shcluster-status

which will tell you the status of the cluster and each member, including identifying the captain.
