Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Can I specify a dedicated network for cluster ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
In a clustered environment, network for replication needs to be fast.
I have multiple network interfaces in a peer server and I want to tell Splunk to use a specific interface for data replication.
Has anyone here done this?
Thank you very much in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've asked a similar question before for a multi-tenant environment and I think the same solution should work. This option in server.conf on the peer should do the trick:
register_replication_address = <IP address, or fully qualified machine/domain name>
* Only valid for mode=slave
* This is the address on which a slave will be available for accepting
replication data. This is useful in the cases where a slave host machine
has multiple interfaces and only one of them can be reached by another
splunkd instance
Documentation: server.conf
Hope this helps, good luck!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe you will likely want to configure "register_forwarder_address" and "register_search_address" as well. I've heard of situations where a cluster was attempting to use the interface identified by the "register_replication_address" to also perform searches and receive ingest. It is probably best that if you configure one of these stanzas that you do the other two as well.
register_forwarder_address =
* Only valid for mode=slave
* This is the address on which a slave will be available for accepting
data from forwarder.This is useful in the cases where a splunk host
machine has multiple interfaces and only one of them can be reached by
another splunkd instance.
register_search_address =
* Only valid for mode=slave
* This is the address on which a slave will be available as search head.
This is useful in the cases where a splunk host machine has multiple
interfaces and only one of them can be reached by another splunkd
instance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've asked a similar question before for a multi-tenant environment and I think the same solution should work. This option in server.conf on the peer should do the trick:
register_replication_address = <IP address, or fully qualified machine/domain name>
* Only valid for mode=slave
* This is the address on which a slave will be available for accepting
replication data. This is useful in the cases where a slave host machine
has multiple interfaces and only one of them can be reached by another
splunkd instance
Documentation: server.conf
Hope this helps, good luck!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the information!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know this is is an old answer but have you tried this out? I am getting "invalid hostname" when trying to use register_replication_address..and yes the peer and CM can reach each other and even resolve. Also im using IP for testing.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
