Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to restart a SHC (search head cluster) at the server level?

Jason
Motivator
‎05-29-2015 03:40 AM

I am at a client where, by policy, they must restart servers every week. They have an 8-node Search Head Cluster. What is the best method for restarting it?

(Is there a maintenance mode, such as indexer clustering? Do they need to run any command before/after the restart? Should they restart 1, 2, 3, 8 at a time?)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎05-29-2015 06:52 AM

There is no maintenance mode in SHC. The nodes can be restarted in any order you want. It's a question of whether you want to maintain availability during the restart process. If availability is not required, then you can restart them all at once.

View solution in original post

Reply
Solved! Jump to solution

pkumar9610
Explorer
‎12-14-2023 11:54 AM

To perform rolling restart of SH cluster use,

splunk rolling-restart shcluster-members

To check the current status of rolling restart use, 

splunk rolling-restart shcluster-members -status 1

Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎05-29-2015 07:01 AM

http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/RestartSHC

0 Karma
Reply
Solved! Jump to solution

Jason
Motivator
‎05-29-2015 07:04 AM

I need to know how to restart the servers themselves, not run a rolling restart on the Splunk instances.

0 Karma
Reply
Solved! Jump to solution

IamaRobot
New Member
‎06-06-2017 11:19 AM

This is a link to the docs, but the docs don't address this question. We want to know if rolling restarts perform what I would call a "graceful" restart. For a good description of how a graceful restart should work see this description from Apache https://httpd.apache.org/docs/2.4/stopping.html#graceful

Users would expect a graceful restart to dis allow new searches, but allow currently running searches to finish before restarting.

0 Karma
Reply
Solved! Jump to solution

IamaRobot
New Member
‎06-06-2017 11:20 AM

This should have appeared as a reply to "sowings".

0 Karma
Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎05-29-2015 07:11 AM

Splunk won't trigger a restart of the host OS. Maintenance mode is not required, because the SHC is a bit less paranoid about satisfying replication of the artifacts. We're not talking about data fidelity, we're talking about cached copies of the searches that have been run. If you're talking about replication of knowledge objects, that will always happen across all nodes.

0 Karma
Reply
Solved! Jump to solution

Jason
Motivator
‎05-29-2015 07:18 AM

Yes. I'm saying a restart of the host OS is required by policy, and I needed to know the best way to do it for the clustered search heads. It sounds like all at once is sufficient.

0 Karma
Reply
Solved! Jump to solution
Solution

mahamed_splunk
Splunk Employee
Splunk Employee
‎05-29-2015 06:52 AM

There is no maintenance mode in SHC. The nodes can be restarted in any order you want. It's a question of whether you want to maintain availability during the restart process. If availability is not required, then you can restart them all at once.

Reply
Solved! Jump to solution

Jason
Motivator
‎05-29-2015 07:04 AM

Great - thanks. Restarting them all servers at once will not cause unnecessary replication, assuming that some may come back online before others?

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...