Deployment Architecture

REST API and search head cluster



In our system, Splunk REST API does a login call to Splunk in one of the search heads and gets a token from that search head.

Later on, the load balancer changes the search head that Splunk REST API is connected to.
The service is still logged into the previous search head with the token from that search head, but it's sending this token to a different search head which still hasn't been logged into.

How can I solve this issue now that we are running with search head cluster?


Labels (2)
0 Karma

Esteemed Legend

You need to turn on sticky sessions feature on your load balancer based on session_id_PORTNUMBER cookie.

0 Karma


that means it will be sticky what happens if the instances its tied to crashes and the load balancer switches instances?
also it will always be the same session on the same splunk instance ?

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...