Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Monitoring Console(MC) and Clustered Indexers. MC is only seeing indexers on one site meanwhile cluster includes two sites

santorof
Communicator
‎11-05-2017 06:55 AM

Have a server that performs my indexer clustering where my 20 indexers(10 per site) check in. On my monitoring console I wanted to check on each machines health but I only see 10 of my indexers from site 1 and not my other 10 indexers from site 2. The cluster master machine is on the same subnet as site 1 whereas site 2 is on another subnet. I dont see this as a potential issue though because my site 2 indexers are able to communicate with the master and replicate without issue(meeting all factors).

Are there any settings I need to change on my cluster master or my site 2 indexers?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

koshyk
Super Champion
‎11-05-2017 09:49 AM

You have to change this setting in the server which hosts your DMC (MC).

You can either do it via the server which contains the Monitoring Console UI 

Main Splunk -> Settings -> Distributed search » Search peers   and add/authenticate your indexers which are missing
Then in the MC,  Settings -> Distributed -> Apply Changes  (Ensure all the indexers are in the list below and roles are correct)

or via distsearch.conf entry like below

[distributedSearch:dmc_group_indexer]
servers =    https://indexer-slave-01:8089 , https://indexer-slave-02:8089 , https://indexer-slave-03:8089 , https://indexer-slave-04:8089

[distributedSearch:dmc_indexerclustergroup_my_idx_cluster1]
servers = localhost:localhost,   https://indexer-slave-01:8089 , https://indexer-slave-02:8089 , https://indexer-slave-03:8089 , https://indexer-slave-04:8089

View solution in original post

Reply
Solved! Jump to solution
Solution

koshyk
Super Champion
‎11-05-2017 09:49 AM

You have to change this setting in the server which hosts your DMC (MC).

You can either do it via the server which contains the Monitoring Console UI 

Main Splunk -> Settings -> Distributed search » Search peers   and add/authenticate your indexers which are missing
Then in the MC,  Settings -> Distributed -> Apply Changes  (Ensure all the indexers are in the list below and roles are correct)

or via distsearch.conf entry like below

[distributedSearch:dmc_group_indexer]
servers =    https://indexer-slave-01:8089 , https://indexer-slave-02:8089 , https://indexer-slave-03:8089 , https://indexer-slave-04:8089

[distributedSearch:dmc_indexerclustergroup_my_idx_cluster1]
servers = localhost:localhost,   https://indexer-slave-01:8089 , https://indexer-slave-02:8089 , https://indexer-slave-03:8089 , https://indexer-slave-04:8089
Reply
Solved! Jump to solution

amithtelkar01
Engager
‎02-03-2021 01:54 AM

Buy You a Beer ! Thanks

0 Karma
Reply
Solved! Jump to solution

santorof
Communicator
‎11-05-2017 10:01 AM

Looking into Distributed search I thought that the other indexers were added since my cluster server is considered a search head but thats not the case. I have added my other indexers to DS and everything looks great. Thanks!

Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...