Deployment Architecture

How do I locate the captain on a search head cluster?

Path Finder

I can't find the documentation about locating the captain, but I need to do a rolling restart. The docs mention it has to be initiated from the captain. Please advise.

Thanks, Jennifer

1 Solution

Path Finder

Path Finder

As not all instances allow for CLI access, such as Splunk Cloud, you may also query the captain from the Search GUI.

| rest /services/shcluster/status splunk_server=local
| fields captain.label


If you're trying to get the captain for programatic purposes, as I am, you can either use the API, like so:

curl -s -XGET -u "admin:${SPLUNK_PASSWORD}" \
    "https://${SPLUNK_ENDPOINT}/services/shcluster/status?output_mode=json" | \
  jq -r '.entry[0].content.captain.label'

Or if you can't install jq, you can do something like:

/opt/splunk/bin/splunk show shcluster-status -auth 'admin:${SPLUNK_PASSWORD}' | \
  grep label | head -n1 | cut -d ":" -f2 | xargs

Path Finder

The information is in docs.

splunk show shcluster-status -auth username:password

Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...