Deployment Architecture

How do you add a new Search Head to Splunk Monitoring Console?

gcusello
SplunkTrust
SplunkTrust

Hi at all,

I have a distributed environment with a Search Head Cluster, some indexers. Deployment Server and I can see all the servers in the Monitoring Console(MC).
Now I added a Stand Alone Search Head (it's a Development System not integrated in the cluster) but I don't see it in MC.
The Search Head(SH) forwards its logs to the Indexers.
If I manually add this SH to the assets.csv lookup I see it in MC Overview but receive the following message "1 instances unreachable" and I haven't information about it.
If I go in [Settings -- General Setup -- Apply Changes] the added SH disappears.

How can I see it in MC?

Thank you in advance

Bye.
Giuseppe

0 Karma
1 Solution

jcrabb_splunk
Splunk Employee
Splunk Employee

You have to add the new instance under distributed search on the DMC instance. Settings -> Distributed search -> Search peers -> New.

Doc: http://docs.splunk.com/Documentation/Splunk/7.0.2/DMC/Addinstancesassearchpeers

Jacob
Sr. Technical Support Engineer

View solution in original post

SrividhyaB
Engager

Can you please let us know where you have hosted this monitoring console instance? We also face similar issue.

0 Karma

jcrabb_splunk
Splunk Employee
Splunk Employee

You have to add the new instance under distributed search on the DMC instance. Settings -> Distributed search -> Search peers -> New.

Doc: http://docs.splunk.com/Documentation/Splunk/7.0.2/DMC/Addinstancesassearchpeers

Jacob
Sr. Technical Support Engineer

hubekpeter
Loves-to-Learn Everything

Here's the reason https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Configuredistributedsearch only monitoring console should have other search heads peered.

0 Karma

kutzi
Path Finder

That's not working for me, I've added all the 3 search heads of the shcluster as peernodes, but they still don't show up in the Monitoring Console Overview

0 Karma

isoutamo
SplunkTrust
SplunkTrust
You must also add and configure those on MC’s general setting page. Then apply configuration and then those should be there.
R. Ismo

kutzi
Path Finder

Thanks, that's fixed it.

There's really no way to do that automated - i.e. by changing stanzas in the server.conf?
I'd like to automate the cluster setup and avoid any manual steps.

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Those search peers can added e.g. with ansible (or other scripts), but unfortunately at least I haven't found any reasonable way to do that last part within MC. Basically that is doable (but probably it changes later on), but as it's not supported and this is mainly (excl. cluster peers) one time task I haven't use my time to resolve it (yet).

r. Ismo
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...