Solved: Can you help me install a search head (SH) cluster...

siemteam · ‎01-21-2019

Hello,

I'm trying to deploy a SH Cluster, and I found the following issue:

After editing server.conf (local folder) to add the following configuration lines:

Modify:
[general]
pass4SymKey = myKey

Add:
[shclustering]
shcluster_label = myLabel
pass4SymKey = myKey

When I try to restart Splunk, the following error message appears:

Invalid key in stanza [general] in /opt/splunk/etc/system/local/server.conf, line 4: pass4SymKey  (value:  myKey).
Invalid key in stanza [shclustering] in /opt/splunk/etc/system/local/server.conf, line 32: pass4SymKey  (value:  myKye).

On each SH Cluster member, I'm using the following command:

/opt/splunk/bin/splunk init shcluster-config -mgmt_uri https://SHMEMBER:8089 -replication_port 8080 -conf_deploy_fetch_url https://DEPLOYMENTSERVER:8089 -secret myKey

What's wrong?

Thanks

dkeck · ‎01-21-2019

HI,

its pass4SymmKey

with double m

also note that mykey has to be plain text, not encrypted

View solution in original post

siemteam · ‎01-21-2019

Thank you so much!!

dkeck · ‎01-21-2019

Happy that it helped 🙂

dkeck · ‎01-21-2019

HI,

its pass4SymmKey

with double m

also note that mykey has to be plain text, not encrypted

Can you help me install a search head (SH) cluster?

Blueprints for High-Maturity Operations: Splunk Lantern Articles on SOAR, ES 8.4, ...

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

Join the Conversation

Can you help me install a search head (SH) cluster?

Blueprints for High-Maturity Operations: Splunk Lantern Articles on SOAR, ES 8.4, ...

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search