Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk-Operator Indexer Cluster Access Issues

ZimmermanC1
Explorer
‎10-03-2024 05:17 PM

I am testing out the Splunk Operator Helm chart to deploy a C3 architecture Splunk instance. At the moment everything deploys without errors, My cluster manager will pull and install apps via the AppFramework config, and SmartStore is receiving data from the indexer cluster.

However, after creating ingress objects for each Splunk instance in the deployment (LM, CM, MC, SHC, IDXC) I have been able to successfully log into every WebGUI except for the indexer cluster.

The behavior I am experience is basically like getting kicked out of the GUI the second I type the username and password then hit enter. The web page refreshes and I am back at the log in screen.

I double checked that the Kubernetes secret containing the admin password is the same for all of the Splunk instances, and also intentionally typed in a bad password and got a login failed message instead of the screen refresh I get when entering the correct password.

I am not really sure how to go about troubleshooting this. I searched through the _internal index but didn't come up with a smoking gun.

Labels (1)
Labels
0 Karma
Reply

dural_yyz
Motivator
‎10-08-2024 08:07 AM

Not sure what is happening with your log in attempts but in reality I highly recommend you do not enable WebGUI on any indexer.  The cluster should only be managed by the CM since with the WebGUI the ability for configurations to get out of sync is a very high risk.

Reply

ZimmermanC1
Explorer
‎10-08-2024 08:15 AM

Thanks for the response, and I absolutely agree. Enabling the ingress was purely for testing purposes and I have no intention of doing this in the final deployment.

I was able to figure out my issue, had I thoroughly read the Splunk docs about clustering I would caught a small section that says when using an L7 load balancer you need to ensure the LB configuration utilizes sticky/persistent user sessions.

So essentially what was happening is I would get the login screen from idx-0 and when I would hit enter it would make a new get request and the LB would round robin the request to a different indexer pod which I had not logged into.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...