- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Help with changing IP address on one of the Se...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Due to infrastructure issues, I need to make a change to the IP address to one of my Search Heads (one of the Search Heads in the cluster ( total of 2 - 1 in each location ).
What changes would need to occur to make this work? From a config stand point, everything points to the deployment server and cluster master for their configurations.
Would anything have to change in terms of configurations? I can't seem to find anything that points specifically to the IP address of the search head.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This was resolved, review the configurations in our search cluster and had to make sure that all configurations were name based and where the IP was referenced - make that change. Also once completed, make sure deployment apps are still on the server or redeploy from the deployment server. Make sure to add the new search head into the cluster for monitoring as well.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This was resolved, review the configurations in our search cluster and had to make sure that all configurations were name based and where the IP was referenced - make that change. Also once completed, make sure deployment apps are still on the server or redeploy from the deployment server. Make sure to add the new search head into the cluster for monitoring as well.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see this is kind of an old post, but we are running across the same situation. But rather, we need to change from using an IP address to using hostnames, so that we can change subnets.
First, I go into the server.conf file and change the mgmt_uri
from: mgmt_uri = https://10.16.6.53:8089
to: mgmt_uri = https://servername.domainname.com:8089
Then restart splunk
then run: splunk show shcluster-status
I get this:
Encountered some errors while trying to obtain shcluster status.
This node is not part of any cluster configuration, please re-run the command from an active cluster member. Also see "splunk add shcluster-member" to add this member to an existing cluster or see "splunk bootstrap shcluster-captain" to bootstrap a new cluster with this member.
If it go through these steps of (set static captain, remove member, rename mgmt_uri, enable cluster using hostnames, add member), the cluster will come back up, but then I get "error resolving hostname" on the SH Deployer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To my knowledge, as long as pass4SymmKey doesn't change, communication between search heads to deployer and search heads to indexers should not be impacted.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which is all that I came across finding when going through configurations again and knowing they communicate using the key across them for binding them - outside of that i could not find anything else - just seemed almost too easy?
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
