Deployment Architecture

Can I specify a dedicated network for cluster replication transport in a clustered environment?

melonman
Motivator

Hi

In a clustered environment, network for replication needs to be fast.
I have multiple network interfaces in a peer server and I want to tell Splunk to use a specific interface for data replication.

Has anyone here done this?
Thank you very much in advance.

Labels (1)
1 Solution

jtacy
Builder

I've asked a similar question before for a multi-tenant environment and I think the same solution should work. This option in server.conf on the peer should do the trick:

register_replication_address = <IP address, or fully qualified machine/domain name>
    * Only valid for mode=slave
    * This is the address on which a slave will be available for accepting
      replication data. This is useful in the cases where a slave host machine 
      has multiple interfaces and only one of them can be reached by another 
      splunkd instance

Documentation: server.conf

Hope this helps, good luck!!

View solution in original post

jbrinkman
Explorer

I believe you will likely want to configure "register_forwarder_address" and "register_search_address" as well. I've heard of situations where a cluster was attempting to use the interface identified by the "register_replication_address" to also perform searches and receive ingest. It is probably best that if you configure one of these stanzas that you do the other two as well.

register_forwarder_address =
* Only valid for mode=slave
* This is the address on which a slave will be available for accepting
data from forwarder.This is useful in the cases where a splunk host
machine has multiple interfaces and only one of them can be reached by
another splunkd instance.

register_search_address =
* Only valid for mode=slave
* This is the address on which a slave will be available as search head.
This is useful in the cases where a splunk host machine has multiple
interfaces and only one of them can be reached by another splunkd
instance.

0 Karma

jtacy
Builder

I've asked a similar question before for a multi-tenant environment and I think the same solution should work. This option in server.conf on the peer should do the trick:

register_replication_address = <IP address, or fully qualified machine/domain name>
    * Only valid for mode=slave
    * This is the address on which a slave will be available for accepting
      replication data. This is useful in the cases where a slave host machine 
      has multiple interfaces and only one of them can be reached by another 
      splunkd instance

Documentation: server.conf

Hope this helps, good luck!!

melonman
Motivator

Thank you for the information!

0 Karma

ajiwanand
Path Finder

I know this is is an old answer but have you tried this out? I am getting "invalid hostname" when trying to use register_replication_address..and yes the peer and CM can reach each other and even resolve. Also im using IP for testing.

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...