Deployment Architecture

How to configure a different replication port for each splunk instance on same unix instance?

thirumalreddyb
Communicator

I have an uncommon situation.

We have multiple Splunk instances on a single unix instance; two search heads, one deployer, and two indexers. The problem now is to setup a search head cluster.

Would someone please help with the configurations?

Thanks in advance.

1 Solution

mdsnmss
SplunkTrust
SplunkTrust

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000] 

Instance 2:

[replication_port://9100] 

Instance 3:

[replication_port://9200] 

View solution in original post

arimaldo
Explorer

Q: if there are more than 3 members, does the number of replication ports also increase - e.g. 4 members = 4 replication ports?  What happens if you decide to just use the same port for all members?

0 Karma

mdsnmss
SplunkTrust
SplunkTrust

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000] 

Instance 2:

[replication_port://9100] 

Instance 3:

[replication_port://9200] 

basant19
Engager

As i tried this 9000 port in the peer side in the indexer, my indexer UI stuck please suggest.

 

0 Karma

mdsnmss
SplunkTrust
SplunkTrust

When setting up your search head cluster you can specify ports during configuration as well:

./splunk init shcluster-config -mgmt_uri https://:8x89 -replication_port 9x00 -secret shcluster

You'll want a different management port for each one as well.

0 Karma

DalJeanis
Legend

@mdsnmss - I'm SO glad you said that. I was kind of going crosseyed at the OP's setup until you said, "test instance"...

0 Karma

mdsnmss
SplunkTrust
SplunkTrust

Yep, purely to test configurations. We have run into some issues while testing SSL from forwarder to indexer doing this however.

0 Karma

thirumalreddyb
Communicator

Yes, purely to test. Luckily Splunk + Linux is the best way to play around.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You need at least three search heads for a SH cluster.

---
If this reply helps you, Karma would be appreciated.
0 Karma

thirumalreddyb
Communicator

Ok., increased to three.

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...