Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add a new Search Head Cluster member to an existing SHC group if we have lost the secret key?

rbal_splunk
Splunk Employee
Splunk Employee
‎02-05-2016 01:33 PM

I have a 7 Node Search Head Cluster pool that was set up using a secret key. Unfortunately we lost secret and now we have a need to add another Member. What are my options?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rbal_splunk
Splunk Employee
Splunk Employee
‎02-05-2016 01:34 PM

Here are two options that worked with me…

Option 1 : Use Splunk to Decrypt Password Encrypted by Splunk : Refer :- https://hurricanelabs.com/blog/decrypt-passwords-encrypted-by-splunk/
Option 2 : in this approach follow
+Install the new instance of Search Head Cluster Member . (don’t start Splunk instance yet)
+Copy $SPLUNK_HOME_EXISTING_SHC/etc/auth/splunk.secret from one of the existing Search Head cluster to New instances $SPLUNK_HOME_NEW_SHC/etc/auth
+After that start splunk for the first time copy $SPLUNK_HOME_EXISTING_SHC/etc/system/local/server.conf stanza [shclustering] to $SPLUNK_HOME_NEW_SHC/etc/system/local/server.conf

[shclustering]
conf_deploy_fetch_url = https://DEPLOYER_URI:DEPLOYER_MGMT_PORT
disabled = 0
mgmt_uri = https://:SPLUNK_HOME_NEW_SHC_MGMT_PORT
pass4SymmKey = $1$XccY3P4=
replication_factor = 1
id = B1D0A95D-4DB6-4111-A702-57EADDFFC932

+Restart the Splunk new Search Head cluster Member.
+Follow the link to add it as Search Head Cluster member to exiting SHC group.

View solution in original post

Reply
Solved! Jump to solution
Solution

rbal_splunk
Splunk Employee
Splunk Employee
‎02-05-2016 01:34 PM

Here are two options that worked with me…

Option 1 : Use Splunk to Decrypt Password Encrypted by Splunk : Refer :- https://hurricanelabs.com/blog/decrypt-passwords-encrypted-by-splunk/
Option 2 : in this approach follow
+Install the new instance of Search Head Cluster Member . (don’t start Splunk instance yet)
+Copy $SPLUNK_HOME_EXISTING_SHC/etc/auth/splunk.secret from one of the existing Search Head cluster to New instances $SPLUNK_HOME_NEW_SHC/etc/auth
+After that start splunk for the first time copy $SPLUNK_HOME_EXISTING_SHC/etc/system/local/server.conf stanza [shclustering] to $SPLUNK_HOME_NEW_SHC/etc/system/local/server.conf

[shclustering]
conf_deploy_fetch_url = https://DEPLOYER_URI:DEPLOYER_MGMT_PORT
disabled = 0
mgmt_uri = https://:SPLUNK_HOME_NEW_SHC_MGMT_PORT
pass4SymmKey = $1$XccY3P4=
replication_factor = 1
id = B1D0A95D-4DB6-4111-A702-57EADDFFC932

+Restart the Splunk new Search Head cluster Member.
+Follow the link to add it as Search Head Cluster member to exiting SHC group.

Reply
Solved! Jump to solution

graju89
Path Finder
‎03-27-2019 07:36 AM

@rbal_splunk : Hi rbal, I have the same problem. But I dont have SCH. I am trying to add new search head into clustering. We have lost the secret key of the master. I tried your second options. But no luck. Can you help me on this?

Thanks,

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...