Deployment Architecture

How to configure a different replication port for each splunk instance on same unix instance?

thirumalreddyb
Communicator

I have an uncommon situation.

We have multiple Splunk instances on a single unix instance; two search heads, one deployer, and two indexers. The problem now is to setup a search head cluster.

Would someone please help with the configurations?

Thanks in advance.

1 Solution

mdsnmss
SplunkTrust
SplunkTrust

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000] 

Instance 2:

[replication_port://9100] 

Instance 3:

[replication_port://9200] 

View solution in original post

arimaldo
Explorer

Q: if there are more than 3 members, does the number of replication ports also increase - e.g. 4 members = 4 replication ports?  What happens if you decide to just use the same port for all members?

0 Karma

mdsnmss
SplunkTrust
SplunkTrust

We have a similar setup for our test environment. With three instances for the search heads you can configure each one's server.conf separately. There is a stanza in server.conf that applies when search head clustering is enabled. By default it is [replication_port://] with the port being 9000 I believe. You can change these to be different on each instance. Something like:

Instance 1:

[replication_port://9000] 

Instance 2:

[replication_port://9100] 

Instance 3:

[replication_port://9200] 

View solution in original post

mdsnmss
SplunkTrust
SplunkTrust

When setting up your search head cluster you can specify ports during configuration as well:

./splunk init shcluster-config -mgmt_uri https://:8x89 -replication_port 9x00 -secret shcluster

You'll want a different management port for each one as well.

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

@mdsnmss - I'm SO glad you said that. I was kind of going crosseyed at the OP's setup until you said, "test instance"...

0 Karma

mdsnmss
SplunkTrust
SplunkTrust

Yep, purely to test configurations. We have run into some issues while testing SSL from forwarder to indexer doing this however.

0 Karma

thirumalreddyb
Communicator

Yes, purely to test. Luckily Splunk + Linux is the best way to play around.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You need at least three search heads for a SH cluster.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

thirumalreddyb
Communicator

Ok., increased to three.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!