Hi bofa123,
I deployed a search Head Cluster following instructions on documentation at http://docs.splunk.com/Documentation/Splunk/6.6.3/DistSearch/AboutSHC
I found only a problem (not documented in docs but in answers), described above
Shortly:
Deployer Configuration
- Search Head Cluster Label Configuration:
- in etc/system/local/server.conf file insert [shclustering] stanza
- In that stanza insert row shcluster_label = my_cluster_label
- Deployer's security key configuration:
- In etc/system/local/server.conf file, insert own password (not encrypted) in row “pass4SymmKey” of [general] or [shclustering] stanza, at first restart Splunk will encrypt it
- Restart Splunk
Cluster Members Configuration
- run command
- splunk init shcluster-config -auth ‘admin:password’ -mgmt_uri https://server_address:8089 -replication_port 8079 -replication_factor 3 -conf_deploy_fetch_url https://deployer_address:8089 -shcluster_label shcluster1
- BEWARE: don't set –secret=password parameter (it's described in documentation!) because don't run!
- splunk restart
- modify in /opt/splunk/etc/system/local/server.conf file row pass4SymmKey inserting secret password in clear
- splunk restart
Captain Configuration
- Choose Captain
- go on Captain
- run command
Adding Search Peers
- Distributed Search Configuration
- Add Peer 1
- URI peer https://Indexer_1_IP:8089
- Remote User Service_User_On_Indexer_1
- Remore Password Service_User_On_Indexer_1 password
- Confirm Password
on so on
Thn copy your Apps on Deployer and deploy them using Deployer.
All following updates will be automatically deployed by Cluster.
Bye.
Giuseppe
