Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the impact of a search head cluster deployer failure, and how do I fix the problem?

Steve_G_
Splunk Employee
Splunk Employee
‎03-02-2015 03:39 PM

What problems arise if the deployer fails, and how important is it that I bring up a new deployer immediately? And how do I bring up a new deployer?

Reply
1 Solution
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎03-02-2015 03:41 PM

While the deployer is down, you cannot deploy configuration bundle updates, such as apps, to the search head cluster members. Because all cluster members must use the same set of configurations, you must, with few exceptions, ensure that a member does not join or rejoin the cluster while the deployer is down.

If no member joins the cluster and you have no immediate need to push any new configurations, the cluster can continue to operate without a deployer indefinitely.

Otherwise, you must bring up a new deployer before a member joins or rejoins the cluster:

  1. Create a new deployer instance.
  2. Restore the contents of $SPLUNK_HOME/etc/shcluster to the new instance from backup.
  3. If necessary, update the conf_deploy_fetch_url values on all search head cluster members.
  4. Push the restored bundle contents to all members by running the splunk apply shcluster-bundle command.

For details, see http://docs.splunk.com/Documentation/Splunk/6.2.2/DistSearch/PropagateSHCconfigurationchanges#Conseq...

View solution in original post

Reply
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎03-02-2015 03:41 PM

While the deployer is down, you cannot deploy configuration bundle updates, such as apps, to the search head cluster members. Because all cluster members must use the same set of configurations, you must, with few exceptions, ensure that a member does not join or rejoin the cluster while the deployer is down.

If no member joins the cluster and you have no immediate need to push any new configurations, the cluster can continue to operate without a deployer indefinitely.

Otherwise, you must bring up a new deployer before a member joins or rejoins the cluster:

  1. Create a new deployer instance.
  2. Restore the contents of $SPLUNK_HOME/etc/shcluster to the new instance from backup.
  3. If necessary, update the conf_deploy_fetch_url values on all search head cluster members.
  4. Push the restored bundle contents to all members by running the splunk apply shcluster-bundle command.

For details, see http://docs.splunk.com/Documentation/Splunk/6.2.2/DistSearch/PropagateSHCconfigurationchanges#Conseq...

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...