Is it possible to disable splunkd SSL in Search He...

kwchang_splunk · ‎09-15-2015

Hello experts,

Can Search Head Clustering work with enableSplunkdSSL = false option?
I tried the following:

on deployer instance.
- "enableSplunkdSSL = false"

on each SHC member instance.
- "enableSplunkdSSL = false"
- conf_deploy_fetch_url : changed https to http
- mgmt_uri : changed https to http

Tried to restart all instances and also repeated init/bootstrap steps of SHC, but failed.

Each search head can start up well and run distributed searches, but when I run the bootstrap shcluster-captain command, I find following entry from the splunkd.log.

   ERROR SHPRaftConsensus - Failed to bootstrap this node as a captain.

And when I set category.SHPRaftConsensus=DEBUG, I can find the following log entries repeatedly in the splunkd.log of all search head instances.

   DEBUG SHPRaftConsensus - Will become candidate in 110661 ms

Any comments would be very appreciated.

Thank you.

mgo · ‎06-16-2016

In addition to the changes to server.conf, you also have to delete $SPLUNK_HOME/splunk/var/run/splunk/_raft on each of your search heads. You can then restart and run "bootstrap shcluster-captain" again.

apfender_splunk · ‎09-16-2015

Did you change the admin password, maybe this post help?

http://answers.splunk.com/answers/289333/why-am-i-unable-to-bootstrap-a-captain-in-a-search.html

kwchang_splunk · ‎09-16-2015

Hello Apfender, Thank you for replying.
I think, it looks different problem.

Is it possible to disable splunkd SSL in Search Head Clustering with "enableSplunkdSSL=false"?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?