Deployment Architecture
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Search head keeps failing in search head cluster
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Search head keeps failing in search head cluster
zzhao05
New Member
06-04-2019
01:11 PM
This was the search head that kept failing:
splunk > /appl/splunk/bin/splunk show shcluster-status -auth admin:adminpassword
Encountered some errors while trying to obtain sh cluster status.
This node is not the captain of the search head cluster, and we could not determine the current captain. The cluster is either in the process of electing a new captain, or this member hasn't joined the pool
splunk > /appl/splunk/bin/splunk show shcluster-status -auth admin:Adm\!n4Splk
On the other hand, the other 2 SHs look ok when I issued shcluster-status command on CLI:
Captain:
dynamic_captain : 1
elected_captain : Tue Jun 4 12:47:03 2019
id : A6F265E7-5FEC-448A-9ACD-8FE901D045D5
initialized_flag : 0
label : pgv013d27
mgmt_uri : https://172.26.42.160:8089
min_peers_joined_flag : 0
rolling_restart_flag : 0
service_ready_flag : 0
Members:
pgv013aba
label : pgv013aba
last_conf_replication : Tue Jun 4 14:04:23 2019
mgmt_uri : https://172.26.96.216:8089
mgmt_uri_alias : https://172.26.96.216:8089
status : Up
pgv013d27
label : pgv013d27
mgmt_uri : https://172.26.42.160:8089
mgmt_uri_alias : https://172.26.42.160:8089
status : Up
I did check with the forum and made sure that the mgmt_url was correct in server.conf..
It worked for a while but it started failing again after a while.
And I see the captain was selected and up and running. not sure why on the failing SH, it shows cannot determine the current captain.. Any advise where else shall I check?
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PickleRick
SplunkTrust
06-29-2024
12:48 PM
First things first - check splunkd.log for errors. It looks like come communication problems. between nodes. If all else fails, just reinstall the node from scratch and bootstrap it as a SHC member.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
codebuilder
Influencer
06-05-2019
10:22 AM
Within server.conf, make sure that the pass4SymmKey is set correctly under both the [general] and [shclustering] stanzas on the failing node, then cycle splunk and re-evaluate.
----
An upvote would be appreciated and Accept Solution if it helps!
An upvote would be appreciated and Accept Solution if it helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adoumbia
Engager
06-28-2024
06:57 PM
I am having the error I tried your solution, unfortunately it does not work.
Get Updates on the Splunk Community!
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Splunk App Dev Community Updates – What’s New and What’s Next
Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...
The Latest Cisco Integrations With Splunk Platform!
Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
