Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What do the status flags mean in a Search Head Cluster?

mciudad
Explorer
‎09-23-2016 04:25 AM

When showing the Search Head Cluster status, we get something similar to this:

./splunk show shcluster-status

 Captain:
                  dynamic_captain : 0
                  elected_captain : Fri Sep 23 09:00:37 2016
                               id : B997E10B-0E99-4363-9887-66DE2BF8C379
                 initialized_flag : 1
                            label : shcaptain.cdn
                         mgmt_uri : https://10.17.240.141:8089
            min_peers_joined_flag : 1
             rolling_restart_flag : 0
               service_ready_flag : 1

But I'm having trouble finding documentation on that output.
- What's the difference between "initialized_flag" and "service_ready_flag"?
- What are the conditions for these flags to be 0 or 1?
- How many peers have to join for the "min_peers_joined_flag" to be 1? By "peers" it mean Splunk Indexers or members of the Search Head Cluster?

Thanks!

0 Karma
Reply

JamieTaschetti
New Member
‎10-25-2017 06:03 AM

That didnt answer the question of the init flag vs service flag

0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎03-08-2017 07:36 PM

min_peers_joined_flag is true when there are at least as many search head peers as the replication_factor.

service_ready_flag is true when everything is up and running as expected "ready to go!"

dynamic_captain is true if the captain is selected by elections. If it's shown as 0, this is because you've assigned a static captain (no elections).

rolling_restart_flag is true when a rolling restart (either manual, or required by a "apply shcluster-bundle" from the deployer).

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...