Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Merge Indexer Cluster and Search Head Cluster after a Split Brain

FritzWittwer_ol
Contributor
‎10-25-2018 02:15 AM

How can a search head and an indexer cluster be merged after the cluster has been run intentionally in a split brain setup for some time.

e.g. the connections between two locations of a multi site cluster is broken and a captain has been assigned manualy to the second site.

Tags (1)
0 Karma
Reply

agutknecht_splu
Splunk Employee
Splunk Employee
‎10-31-2018 12:20 AM

Hi Fritz

The scenario is well documented on the following Splunk docs:

Handle master site failure:
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Mastersitefailure

Restart indexing in multisite cluster after master restart or site failure
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Restartindexing

Ensure that the peer and search head nodes can find the new master
http://docs.splunk.com/Documentation/Splunk/7.2.0/Indexer/Handlemasternodefailure#Ensure_that_the_pe...

Happy Splunking!
Alain

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...