Deployment Architecture

How to sync configurations from master node to peer and search nodes?

dhavamanis
Builder

Can you please tell us, how to sync the sourcetype and indexes from master node to other peers and search nodes.

0 Karma
1 Solution

ppablo
Retired

Hi @dhavamanis

Have you looked at the following documentation? I think this is what you are looking for:
http://docs.splunk.com/Documentation/Splunk/6.1.1/Indexer/Updatepeerconfigurations

View solution in original post

ppablo
Retired

Hi @dhavamanis

Have you looked at the following documentation? I think this is what you are looking for:
http://docs.splunk.com/Documentation/Splunk/6.1.1/Indexer/Updatepeerconfigurations

ppablo
Retired

1)Test sourcetype and index config files to make sure they work.

2)Move the config files into the configuration bundle under the master-apps/_cluster/local subdirectory on the master node.

3)On the master node dashboard:

-Click Settings in the upper right corner of Splunk Web.

-In the Distributed environment group, click Clustering.

-Click the Edit button on upper right corner of the dashboard and select the Distribute Configuration Bundle option.

-Click the Distribute Configuration Bundle button (NOTE: The distribution may cause a peer restart)

-Click Push Changes to continue.

0 Karma

dhavamanis
Builder

i am creating sourcetype and index through Splunk web ui. in that case, can you please provide the detailed steps to sync them.

0 Karma

dhavamanis
Builder

we have enabled cluster setup with the below

  1. cluster master node (1 node)
  2. cluster peer indexing node (3 node)
  3. search head (2 nodes)

In this case, if we create a new index / sourcetype in master cluster nodes, how do we sync the other nodes with the same configuration(cluster peer and cluster search head). or do we need to create the same configuration manually in all nodes.

0 Karma

Ayn
Legend

What do you mean by "sync the sourcetype"? What do you mean by master node? It seems like you have some terminology that you need to get straight first of all.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...