Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure a different replication port for each splunk instance on same unix instance?

thirumalreddyb
Communicator
‎08-20-2017 08:53 AM

I have an uncommon situation.

We have multiple Splunk instances on a single unix instance; two search heads, one deployer, and two indexers. The problem now is to setup a search head cluster.

Would someone please help with the configurations?

Thanks in advance.

Reply
1 Solution
Solved! Jump to solution
Solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:31 AM

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000]

Instance 2:

[replication_port://9100]

Instance 3:

[replication_port://9200]

View solution in original post

Reply
Solved! Jump to solution

arimaldo
Explorer
‎10-13-2020 12:17 PM

Q: if there are more than 3 members, does the number of replication ports also increase - e.g. 4 members = 4 replication ports?  What happens if you decide to just use the same port for all members?

0 Karma
Reply
Solved! Jump to solution
Solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:31 AM

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000]

Instance 2:

[replication_port://9100]

Instance 3:

[replication_port://9200]
Reply
Solved! Jump to solution

basant19
Engager
‎06-20-2022 11:46 PM

As i tried this 9000 port in the peer side in the indexer, my indexer UI stuck please suggest.

 

0 Karma
Reply
Solved! Jump to solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:37 AM

When setting up your search head cluster you can specify ports during configuration as well:

./splunk init shcluster-config -mgmt_uri https://:8x89 -replication_port 9x00 -secret shcluster

You'll want a different management port for each one as well.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎08-21-2017 06:37 AM

@mdsnmss - I'm SO glad you said that. I was kind of going crosseyed at the OP's setup until you said, "test instance"...

0 Karma
Reply
Solved! Jump to solution

mdsnmss
SplunkTrust
SplunkTrust
‎08-21-2017 06:43 AM

Yep, purely to test configurations. We have run into some issues while testing SSL from forwarder to indexer doing this however.

0 Karma
Reply
Solved! Jump to solution

thirumalreddyb
Communicator
‎08-21-2017 04:51 PM

Yes, purely to test. Luckily Splunk + Linux is the best way to play around.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-20-2017 02:01 PM

You need at least three search heads for a SH cluster.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

thirumalreddyb
Communicator
‎08-20-2017 06:56 PM

Ok., increased to three.

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...