Deployment Architecture

Clustering - Master - Peer

Raghav2384
Motivator

Hello Experts, I have been trying all day to get this working.Not even sure if this works with my setup. I have Splunk ENT trials installed on two laptops. On Laptop A(Mac) , i enabled clustering and made it as Master peer. On Laptop B(Windows) i tried to add the following stanza to server.conf on /Splunk/etc/system/local
[replication_port://8080]
[clustering]
master_uri = https: / / 192.168.xx.xx:8089
mode = slave
pass4SymmKey = xxxxx. Save. Now after this, it doesn't let me start splunkd (Once i remove this stanza, i can start splunkd)
I have checked the log from /var/log/splunk/splunkd.log and this is what it says
"ERROR: The replication_port port [8080] is already bound.Splunk needs to use this port" . If i need to use a different port for replication, where and how to set it for the master peer? . Thanks in advance!

dxu_splunk
Splunk Employee
Splunk Employee

Your peer (B) is not starting because 8080 is in use. On the peer's server.conf, change

[replication_port://8080]

to something else, like

[replication_port://8090]

Raghav2384
Motivator

ahhh....That makes a lot of sense....Thank you!!!!

0 Karma

dxu_splunk
Splunk Employee
Splunk Employee

only peers have replication ports. just choose any open port - it doesn't need to match any other peer/master configuration. (the port is used to transfer data to/between other peers, diff peers can have same or different replication ports - doesnt matter)

http://docs.splunk.com/Splexicon:Replicationport

0 Karma

Raghav2384
Motivator

gotcha, quick question, when it asks for replication_port on Peer B, is it not asking for Master's replication port #? Do i need to set this replication port for both in that case?

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...