Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enpterprise - Indexer Cluster issue

kishor_pinjarka
Path Finder
‎01-08-2020 01:01 AM

Why I am not able to see Search Heads connection in Cluster Master Monitoring Console - Overview Dashboard (See 1st image)

alt text

However, I did successful connection to Cluster Master from both Search Heads. (See 2nd image)

alt text

I referred below documentation (Integrate the search head cluster with an indexer cluster):
https://docs.splunk.com/Documentation/Splunk/7.2.0/DistSearch/SHCandindexercluster

Background of Architecture:
1 CM,
2 Indexers (Indexer Clustered),
2 Search Heads (Search Head Clustered),
1 Deployer
1 Deployment Server
1 Heavy Forwarder

Splunk Enterprise: 7.2
OS: Centos 7

Splunk License - When you first install a copy of Splunk Enterprise, the installed instance uses a 60 day trial license.

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-08-2020 01:08 AM

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-08-2020 01:08 AM

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 06:09 PM

I missed this step - https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/Addinstancesassearchpeers

Now it's working fine.

0 Karma
Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 01:48 AM

Also checked, Cluster Master Monitoring Console - Instances dashboard.
They are not showing up there.

0 Karma
Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 01:49 AM

Is it because of different secret key for each - Indexer Cluster and Search Head Cluster?

0 Karma
Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 01:45 AM

Yes, forwarded logs from both Search Heads and Deployer.
Yes, I did role configuration earlier.

Still no luck now. Let me read the docs -https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/DMCoverview

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...