Deployment Architecture

Monitoring Console (MC) and Clustered Indexers: MC is only seeing indexers on one site, while the cluster includes two sites

santorof
Communicator

Have a server that performs my indexer clustering where my 20 indexers (10 per site) check in. On my monitoring console I wanted to check on each machine's health, but I only see 10 of my indexers from site 1 and not my other 10 indexers from site 2. The cluster master machine is on the same subnet as site 1, whereas site 2 is on another subnet. I don't see this as a potential issue though, because my site 2 indexers are able to communicate with the master and replicate without issue (meeting all factors).

Are there any settings I need to change on my cluster master or my site 2 indexers?

1 Solution

koshyk
Super Champion

You have to change this setting in the server which hosts your DMC (MC).

You can either do it via the server which contains the Monitoring Console UI

Main Splunk -> Settings -> Distributed search -> Search peers, and add/authenticate your indexers which are missing
Then in the MC, Settings -> Distributed -> Apply Changes (ensure all the indexers are in the list below and roles are correct)

or via distsearch.conf entry like below

[distributedSearch:dmc_group_indexer]
servers = https://indexer-slave-01:8089, https://indexer-slave-02:8089, https://indexer-slave-03:8089, https://indexer-slave-04:8089

[distributedSearch:dmc_indexerclustergroup_my_idx_cluster1]
servers = localhost:localhost, https://indexer-slave-01:8089, https://indexer-slave-02:8089, https://indexer-slave-03:8089, https://indexer-slave-04:8089
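
A check for the gap described in this thread, as an added example that is not part of the answer above or of Splunk's own tooling: it parses the `distributedSearch:` group stanzas of the MC host's distsearch.conf and reports, per site, which expected indexers are absent from each group. The site names, the per-site inventory and the sample file contents are constructed for illustration, and the parser assumes every setting sits under a stanza header.

```python
import configparser

# Constructed sample: distsearch.conf on the MC host with only site 1 peers listed.
SAMPLE_CONF = """
[distributedSearch:dmc_group_indexer]
servers = https://indexer-slave-01:8089 , https://indexer-slave-02:8089

[distributedSearch:dmc_indexerclustergroup_my_idx_cluster1]
servers = localhost:localhost, https://indexer-slave-01:8089 , https://indexer-slave-02:8089
"""

# Constructed inventory (assumption): the peers each site is expected to contribute.
EXPECTED = {
    "site1": ["indexer-slave-01:8089", "indexer-slave-02:8089"],
    "site2": ["indexer-slave-03:8089", "indexer-slave-04:8089"],
}

def normalize(peer):
    """Reduce 'https://host:8089' to 'host:8089', lower-cased, for comparison."""
    peer = peer.strip().lower()
    return peer.split("://", 1)[1] if "://" in peer else peer

def parse_groups(conf_text):
    """Return {group_name: set(peers)} for every distributedSearch:<group> stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    groups = {}
    for section in cp.sections():
        if section.startswith("distributedSearch:"):
            raw = cp.get(section, "servers", fallback="")
            peers = {normalize(p) for p in raw.split(",") if p.strip()}
            peers.discard("localhost:localhost")  # local-instance entry, not a remote peer
            groups[section.split(":", 1)[1]] = peers
    return groups

def missing_peers(conf_text, expected):
    """Return {group: {site: [expected peers absent from the group]}}; complete groups are omitted."""
    report = {}
    for group, peers in parse_groups(conf_text).items():
        gaps = {site: [p for p in want if normalize(p) not in peers]
                for site, want in expected.items()}
        gaps = {site: absent for site, absent in gaps.items() if absent}
        if gaps:
            report[group] = gaps
    return report

if __name__ == "__main__":
    for group, gaps in missing_peers(SAMPLE_CONF, EXPECTED).items():
        print(group, gaps)
```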

amithtelkar01
Engager

Buy You a Beer! Thanks


santorof
Communicator

Looking into Distributed search, I thought that the other indexers were added since my cluster server is considered a search head, but that's not the case. I have added my other indexers to DS and everything looks great. Thanks!
