Deployment Architecture

Splunk 6.2 new Distributed Management Console - How to add nodes not automatically discovered?

guilmxm
Influencer

Hello,

I am trying to setup the new 6.2 Distributed Management Console to cover all nodes of a testing cluster, but i can't figure out how to add nodes when they are not automatically discovered by Splunk.

I have a testing cluster with 3 peer nodes, 3 search heads in sh clustering mode and 1 deployment server:

  • splunk-master
  • splunk-peer1/2/3
  • splunk-head1/2/3
  • splunk-deployment

All non peers nodes (master, heads and deployment) are setup to forward data without locally indexing, according to Splunk good practices:

http://docs.splunk.com/Documentation/Splunk/6.2.0/Indexer/Forwardmasterdata

As you can see, every data of every nodes are available within the cluster data:

alt text

In the master node Distributed Management Console, i will always only see the master node and peer nodes available:

alt text

I have read the Distributed Management console:

http://docs.splunk.com/Documentation/Splunk/6.2.0/Admin/ConfiguretheMonitoringConsole

I understood the Distributed console cannot be set in a search head which part of an sh cluster, this is not the case here as the distributed console is configured in the master node (one of recommended scenarios)

I have tried manually adding missing nodes in the assets/lookup table "splunk_management_console/lookups/assets.csv" without much success, hosts becomes visible but are not accessible.

What i am missing ?

Thanks !

1 Solution

guilmxm
Influencer

Nodes to be monitored from the Distributed Management Console must added as peers in the Distributed config interface:

Settings / Distributed search

Or they won't be available within the DMC

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

Quote from your docs links: "Add each search head, deployment server, license master, and standalone indexer as a distributed search peer to the instance hosting the distributed management console."

guilmxm
Influencer

Perfectly right 🙂

In front of me but it didn't saw it... or understood it !

Thanks again.

0 Karma

guilmxm
Influencer

Nodes to be monitored from the Distributed Management Console must added as peers in the Distributed config interface:

Settings / Distributed search

Or they won't be available within the DMC

martin_mueller
SplunkTrust
SplunkTrust

Are your search heads distributed search peers of the DMC instance?

guilmxm
Influencer

All right !!!

With the help of your comment, i understood what i have missed, you need to configure the distributed search by adding each peers your want to monitor in the DMC 🙂 Going in "Settings/Distributed Search" and adding each node to be monitored.

I think maybe the doc should mention this explicitely.

Thanks you

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...