Deployment Architecture

Splunk Enpterprise - Indexer Cluster issue

kishor_pinjarka
Path Finder

Why I am not able to see Search Heads connection in Cluster Master Monitoring Console - Overview Dashboard (See 1st image)

alt text

However, I did successful connection to Cluster Master from both Search Heads. (See 2nd image)

alt text

I referred below documentation (Integrate the search head cluster with an indexer cluster):
https://docs.splunk.com/Documentation/Splunk/7.2.0/DistSearch/SHCandindexercluster

Background of Architecture:
1 CM,
2 Indexers (Indexer Clustered),
2 Search Heads (Search Head Clustered),
1 Deployer
1 Deployment Server
1 Heavy Forwarder

Splunk Enterprise: 7.2
OS: Centos 7

Splunk License - When you first install a copy of Splunk Enterprise, the installed instance uses a 60 day trial license.

0 Karma
1 Solution

gcusello
Esteemed Legend

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

View solution in original post

gcusello
Esteemed Legend

Hi @kishor_pinjarkar_ebay,
at first, did you configured all your Splunk servers (also Deployer and Search Heads) to forward their internal logs to Indexers?
Then, you should see in DMC all the Splunk servers but you have to configure their roles in Monitoring Console Setup [Monitoring Console -- Settings -- Setup].
At https://docs.splunk.com/Documentation/Splunk/8.0.1/DMC/DMCoverview you can find all the infos you need to do this.

Ciao.
Giuseppe

kishor_pinjarka
Path Finder
0 Karma

kishor_pinjarka
Path Finder

Also checked, Cluster Master Monitoring Console - Instances dashboard.
They are not showing up there.

0 Karma

kishor_pinjarka
Path Finder

Is it because of different secret key for each - Indexer Cluster and Search Head Cluster?

0 Karma

kishor_pinjarka
Path Finder

Yes, forwarded logs from both Search Heads and Deployer.
Yes, I did role configuration earlier.

Still no luck now. Let me read the docs -https://docs.splunk.com/Documentation/Splunk/7.2.0/DMC/DMCoverview

0 Karma
Get Updates on the Splunk Community!

Set Up More Secure Configurations in Splunk Enterprise With Config Assist

This blog post is part 3 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...