Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure a different replication port for each splunk instance on same unix instance?

thirumalreddyb
Communicator
‎08-20-2017 08:53 AM

I have an uncommon situation.

We have multiple Splunk instances on a single unix instance; two search heads, one deployer, and two indexers. The problem now is to setup a search head cluster.

Would someone please help with the configurations?

Thanks in advance.

Reply
1 Solution
Solved! Jump to solution
Solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:31 AM

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000]

Instance 2:

[replication_port://9100]

Instance 3:

[replication_port://9200]

View solution in original post

Reply
Solved! Jump to solution

arimaldo
Explorer
‎10-13-2020 12:17 PM

Q: if there are more than 3 members, does the number of replication ports also increase - e.g. 4 members = 4 replication ports?  What happens if you decide to just use the same port for all members?

0 Karma
Reply
Solved! Jump to solution
Solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:31 AM

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000]

Instance 2:

[replication_port://9100]

Instance 3:

[replication_port://9200]
Reply
Solved! Jump to solution

basant19
Engager
‎06-20-2022 11:46 PM

As i tried this 9000 port in the peer side in the indexer, my indexer UI stuck please suggest.

 

0 Karma
Reply
Solved! Jump to solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:37 AM

When setting up your search head cluster you can specify ports during configuration as well:

./splunk init shcluster-config -mgmt_uri https://:8x89 -replication_port 9x00 -secret shcluster

You'll want a different management port for each one as well.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎08-21-2017 06:37 AM

@mdsnmss - I'm SO glad you said that. I was kind of going crosseyed at the OP's setup until you said, "test instance"...

0 Karma
Reply
Solved! Jump to solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:43 AM

Yep, purely to test configurations. We have run into some issues while testing SSL from forwarder to indexer doing this however.

0 Karma
Reply
Solved! Jump to solution

thirumalreddyb
Communicator
‎08-21-2017 04:51 PM

Yes, purely to test. Luckily Splunk + Linux is the best way to play around.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-20-2017 02:01 PM

You need at least three search heads for a SH cluster.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

thirumalreddyb
Communicator
‎08-20-2017 06:56 PM

Ok., increased to three.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...