I also have this issue.
The search peers (indexers) were added to the Search Head Cluster. They are all listed but the only indexes that are available are the default indexes that were available.

Hi,
thanks for the link and your answer. I read the part of the documentation this morning and decided to create a dedicated app for the authorization.
Unfortunately I do not have as much knowledge about the indexer cluster and a dedicated SH. Therefore I have to ask again.
You wrote I should be able to manage the roles by the Web interface. But if I login to the SH with the admin account, I cannot see any custom indexes. I only see the defaults.
Just for your information. All the custom indexes are created with an indexes.conf file on the SH which is also the Cluster Master in the directory /opt/splunk/etc/master-apps/_cluster/local.
I pushed this information to the indexers by checking and pushing it with the web interface from the SH / CM.

My new authorization app is located on /opt/splunk/etc/shcluster/apps. Because I checked the configuration in the webgui and both indexers are defined as search peers. How can I deploy this app now to the search peers?

Is it correct that with this configuration, I'm not able anymore to use the webgui for the management of the roles?

Many thanks.

Hi,

Is the indexes.conf file present on the 2 indexers in the slave-apps directory ?.. Apps on the CM should be stored in etc/master-apps.. i havent seen them stored _cluster/local. They are then pushed to the slave-apps directory on its peers.

If even admin cannot see the indexes it may be that they dont exist on your indexers(EG - the conf file hasnt arrived).

As i said, the indexes.conf file is located on the indexers in /opt/splunk/etc/slave-apps/_cluster/local.

The incomming events are correct indexed and are searchable over the indexers as well as on the SH.

So this configuration seems to be okay. It is only for the role setup. There I'm not able to select the different indexes for the roles.