Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you add a new Search Head to Splunk Monitoring Console?

gcusello
SplunkTrust
SplunkTrust
‎02-13-2018 08:10 AM

Hi at all,

I have a distributed environment with a Search Head Cluster, some indexers. Deployment Server and I can see all the servers in the Monitoring Console(MC).
Now I added a Stand Alone Search Head (it's a Development System not integrated in the cluster) but I don't see it in MC.
The Search Head(SH) forwards its logs to the Indexers.
If I manually add this SH to the assets.csv lookup I see it in MC Overview but receive the following message "1 instances unreachable" and I haven't information about it.
If I go in [Settings -- General Setup -- Apply Changes] the added SH disappears.

How can I see it in MC?

Thank you in advance

Bye.
Giuseppe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎02-13-2018 08:31 AM

You have to add the new instance under distributed search on the DMC instance. Settings -> Distributed search -> Search peers -> New.

Doc: http://docs.splunk.com/Documentation/Splunk/7.0.2/DMC/Addinstancesassearchpeers

Jacob
Sr. Technical Support Engineer

View solution in original post

Reply
Solved! Jump to solution

SrividhyaB
Engager
‎11-30-2022 01:55 AM

Can you please let us know where you have hosted this monitoring console instance? We also face similar issue.

0 Karma
Reply
Solved! Jump to solution
Solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎02-13-2018 08:31 AM

You have to add the new instance under distributed search on the DMC instance. Settings -> Distributed search -> Search peers -> New.

Doc: http://docs.splunk.com/Documentation/Splunk/7.0.2/DMC/Addinstancesassearchpeers

Jacob
Sr. Technical Support Engineer
Reply
Solved! Jump to solution

hubekpeter
Loves-to-Learn Everything
‎07-22-2022 03:33 AM

Here's the reason https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Configuredistributedsearch only monitoring console should have other search heads peered.

0 Karma
Reply
Solved! Jump to solution

kutzi
Path Finder
‎06-30-2020 03:24 AM

That's not working for me, I've added all the 3 search heads of the shcluster as peernodes, but they still don't show up in the Monitoring Console Overview

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎06-30-2020 03:32 AM
You must also add and configure those on MC’s general setting page. Then apply configuration and then those should be there.
R. Ismo
Reply
Solved! Jump to solution

kutzi
Path Finder
‎06-30-2020 03:40 AM

Thanks, that's fixed it.

There's really no way to do that automated - i.e. by changing stanzas in the server.conf?
I'd like to automate the cluster setup and avoid any manual steps.

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎06-30-2020 03:52 AM
Those search peers can added e.g. with ansible (or other scripts), but unfortunately at least I haven't found any reasonable way to do that last part within MC. Basically that is doable (but probably it changes later on), but as it's not supported and this is mainly (excl. cluster peers) one time task I haven't use my time to resolve it (yet).

r. Ismo
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...