Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the impact of a search head cluster deployer failure, and how do I fix the problem?

Steve_G_
Splunk Employee
Splunk Employee
‎03-02-2015 03:39 PM

What problems arise if the deployer fails, and how important is it that I bring up a new deployer immediately? And how do I bring up a new deployer?

Reply
1 Solution
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎03-02-2015 03:41 PM

While the deployer is down, you cannot deploy configuration bundle updates, such as apps, to the search head cluster members. Because all cluster members must use the same set of configurations, you must, with few exceptions, ensure that a member does not join or rejoin the cluster while the deployer is down.

If no member joins the cluster and you have no immediate need to push any new configurations, the cluster can continue to operate without a deployer indefinitely.

Otherwise, you must bring up a new deployer before a member joins or rejoins the cluster:

  1. Create a new deployer instance.
  2. Restore the contents of $SPLUNK_HOME/etc/shcluster to the new instance from backup.
  3. If necessary, update the conf_deploy_fetch_url values on all search head cluster members.
  4. Push the restored bundle contents to all members by running the splunk apply shcluster-bundle command.

For details, see http://docs.splunk.com/Documentation/Splunk/6.2.2/DistSearch/PropagateSHCconfigurationchanges#Conseq...

View solution in original post

Reply
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎03-02-2015 03:41 PM

While the deployer is down, you cannot deploy configuration bundle updates, such as apps, to the search head cluster members. Because all cluster members must use the same set of configurations, you must, with few exceptions, ensure that a member does not join or rejoin the cluster while the deployer is down.

If no member joins the cluster and you have no immediate need to push any new configurations, the cluster can continue to operate without a deployer indefinitely.

Otherwise, you must bring up a new deployer before a member joins or rejoins the cluster:

  1. Create a new deployer instance.
  2. Restore the contents of $SPLUNK_HOME/etc/shcluster to the new instance from backup.
  3. If necessary, update the conf_deploy_fetch_url values on all search head cluster members.
  4. Push the restored bundle contents to all members by running the splunk apply shcluster-bundle command.

For details, see http://docs.splunk.com/Documentation/Splunk/6.2.2/DistSearch/PropagateSHCconfigurationchanges#Conseq...

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...