Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Merge Indexer Cluster and Search Head Cluster after a Split Brain

FritzWittwer_ol
Contributor
‎10-25-2018 02:15 AM

How can a search head and an indexer cluster be merged after the cluster has been run intentionally in a split brain setup for some time.

e.g. the connections between two locations of a multi site cluster is broken and a captain has been assigned manualy to the second site.

Tags (1)
0 Karma
Reply

agutknecht_splu
Splunk Employee
Splunk Employee
‎10-31-2018 12:20 AM

Hi Fritz

The scenario is well documented on the following Splunk docs:

Handle master site failure:
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Mastersitefailure

Restart indexing in multisite cluster after master restart or site failure
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Restartindexing

Ensure that the peer and search head nodes can find the new master
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Handlemasternodefailure#Ensure_that_the_pe...

Happy Splunking!
Alain

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...