Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enpterprise - Indexer Cluster issue

kishor_pinjarka
Path Finder
‎01-08-2020 01:01 AM

Why I am not able to see Search Heads connection in Cluster Master Monitoring Console - Overview Dashboard (See 1st image)

alt text

However, I did successful connection to Cluster Master from both Search Heads. (See 2nd image)

alt text

I referred below documentation (Integrate the search head cluster with an indexer cluster):
https://docs.splunk.com/Documentation/Splunk/7.2.0/DistSearch/SHCandindexercluster

Background of Architecture:
1 CM,
2 Indexers (Indexer Clustered),
2 Search Heads (Search Head Clustered),
1 Deployer
1 Deployment Server
1 Heavy Forwarder

Splunk Enterprise: 7.2
OS: Centos 7

Splunk License - When you first install a copy of Splunk Enterprise, the installed instance uses a 60 day trial license.

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-08-2020 01:08 AM

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-08-2020 01:08 AM

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 06:09 PM

I missed this step - https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/Addinstancesassearchpeers

Now it's working fine.

0 Karma
Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 01:48 AM

Also checked, Cluster Master Monitoring Console - Instances dashboard.
They are not showing up there.

0 Karma
Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 01:49 AM

Is it because of different secret key for each - Indexer Cluster and Search Head Cluster?

0 Karma
Reply
Solved! Jump to solution

kishor_pinjarka
Path Finder
‎01-08-2020 01:45 AM

Yes, forwarded logs from both Search Heads and Deployer.
Yes, I did role configuration earlier.

Still no luck now. Let me read the docs -https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/DMCoverview

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...