How to remove a search head member from cluster ?

danielwan · ‎12-13-2017

I am following the below process to remove a search head cluster member
https://docs.splunk.com/Documentation/Splunk/7.0.1/DistSearch/Removeaclustermember

I run the following CLI on the host I would like to remove from search head cluster and got following error.

sudo /opt/splunk/bin/splunk remove shcluster-member -auth admin:yahoo7
https://"captain host mgmt uri" ERROR: Raft not initialized. This means that dynamic captain mode was not set in server.conf

I am using static Splunk search head captain than the dynamic election. What is the correct approach to remove search head member when I using static captain?

p_gurav · ‎03-17-2018

Hi,
Can you make captain dynamic till removing search head. After removal you can again make static captain.

deepashri_123 · ‎12-14-2017

Hi danielwan,

Please refer to the document below:

https://docs.splunk.com/Documentation/Splunk/7.0.1/DistSearch/Removeaclustermember
Hope this helps!!!!

danielwan · ‎12-18-2017

I have already followed the document.
The error message seems to mean that I am using static captain than dynamical captain, so splunk remove shcluster-member does not work here.

How to remove a search head member from cluster ?

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?