Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Merge Indexer Cluster and Search Head Cluster after a Split Brain

FritzWittwer_ol
Contributor
‎10-25-2018 02:15 AM

How can a search head and an indexer cluster be merged after the cluster has been run intentionally in a split brain setup for some time.

e.g. the connections between two locations of a multi site cluster is broken and a captain has been assigned manualy to the second site.

Tags (1)
0 Karma
Reply

agutknecht_splu
Splunk Employee
Splunk Employee
‎10-31-2018 12:20 AM

Hi Fritz

The scenario is well documented on the following Splunk docs:

Handle master site failure:
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Mastersitefailure

Restart indexing in multisite cluster after master restart or site failure
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Restartindexing

Ensure that the peer and search head nodes can find the new master
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Handlemasternodefailure#Ensure_that_the_pe...

Happy Splunking!
Alain

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...