Splunk Captain transfer issue


Hi there,

I have three search clusters SH1, SH2 and SH3. I did the upgrade from 6.5.3 to 6.6.3. The upgrade was successful. Before the upgrade SH2 was the captain; after the upgrade SH3 is the new captain. So, when I try to transfer, it says:

Failed to proxy call to member https://8089. ERROR: Invalid FROM mgmt_uri in transfer captaincy request err="Deserialization failed. Could not find expected key 'from_mgmt_uri'" The CLI/REST call needs to be run/hit on/the current captain, not the receiving node

Please advise.

0 Karma



You can run this command first on any SHC member:
/opt/splunk/bin/splunk show shcluster-status

Take note of the mgmt_uri of the SHC member you wanted. (If it's an IP address, use the IP; if it's an FQDN, use the FQDN.)

Transfer Captaincy

/opt/splunk/bin/splunk transfer shcluster-captain -mgmt_uri https://<mgmt_uri>:8089

0 Karma


It looks like the issue is where the command is run from. Are you attempting to run the captain transfer command from SH2? Try running this from SH3/the current captain:

splunk transfer shcluster-captain -mgmt_uri <desired-captain-uri>:8089 -auth <username>:<password>
0 Karma
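
The two answers above combine into one pre-flight check before issuing the transfer: find the current captain, confirm the command is being run there, and confirm the target matches a member's mgmt_uri exactly (IP vs FQDN). The script below is an added example, not code from the posts or from Splunk; the status layout it parses, the hostnames, and the function names are assumptions.

```shell
# Constructed sample of `splunk show shcluster-status` output (layout assumed, hosts are placeholders).
SAMPLE_STATUS=' Captain:
                            label : sh3
                         mgmt_uri : https://sh3.example.com:8089

 Members:
        sh1
                            label : sh1
                         mgmt_uri : https://10.0.0.11:8089
                           status : Up
        sh2
                            label : sh2
                         mgmt_uri : https://sh2.example.com:8089
                           status : Up
        sh3
                            label : sh3
                         mgmt_uri : https://sh3.example.com:8089
                           status : Up
'

# Print the mgmt_uri listed under the "Captain:" section of the status text in $1.
captain_uri() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*Captain:/ { sec = "c"; next }
    /^[[:space:]]*Members:/ { sec = "m"; next }
    sec == "c" && $1 == "mgmt_uri" { print $3; exit }'
}

# Print every member mgmt_uri from the "Members:" section, one per line.
member_uris() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*Members:/ { sec = "m"; next }
    sec == "m" && $1 == "mgmt_uri" { print $3 }'
}

# preflight STATUS LOCAL_URI TARGET_URI: prints "ok" or the reason the transfer
# should not be issued from this node. LOCAL_URI is supplied by the operator.
preflight() {
  cap=$(captain_uri "$1")
  [ -n "$cap" ] || { echo "no-captain-found"; return 1; }
  [ "$2" = "$cap" ] || { echo "run-on-captain:$cap"; return 1; }
  member_uris "$1" | grep -Fxq -- "$3" || { echo "target-not-a-member"; return 1; }
  [ "$3" != "$cap" ] || { echo "target-already-captain"; return 1; }
  echo "ok"
}

# Demo on the constructed sample: running on sh3 (captain), handing over to sh2.
preflight "$SAMPLE_STATUS" https://sh3.example.com:8089 https://sh2.example.com:8089
```

On a live member, pass the real output of `/opt/splunk/bin/splunk show shcluster-status` as the first argument instead of the sample.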