Deployment Architecture

Splunk Enpterprise - Indexer Cluster issue

kishor_pinjarka
Path Finder

Why I am not able to see Search Heads connection in Cluster Master Monitoring Console - Overview Dashboard (See 1st image)

alt text

However, I did successful connection to Cluster Master from both Search Heads. (See 2nd image)

alt text

I referred below documentation (Integrate the search head cluster with an indexer cluster):
https://docs.splunk.com/Documentation/Splunk/7.2.0/DistSearch/SHCandindexercluster

Background of Architecture:
1 CM,
2 Indexers (Indexer Clustered),
2 Search Heads (Search Head Clustered),
1 Deployer
1 Deployment Server
1 Heavy Forwarder

Splunk Enterprise: 7.2
OS: Centos 7

Splunk License - When you first install a copy of Splunk Enterprise, the installed instance uses a 60 day trial license.

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

kishor_pinjarka
Path Finder
0 Karma

kishor_pinjarka
Path Finder

Also checked, Cluster Master Monitoring Console - Instances dashboard.
They are not showing up there.

0 Karma

kishor_pinjarka
Path Finder

Is it because of different secret key for each - Indexer Cluster and Search Head Cluster?

0 Karma

kishor_pinjarka
Path Finder

Yes, forwarded logs from both Search Heads and Deployer.
Yes, I did role configuration earlier.

Still no luck now. Let me read the docs -https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/DMCoverview

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...