Deployment Architecture

What secret key do you use to add a new search head to a SHC, and what secret key do you use to add the new search head?

Glasses2
Communicator

Hi, 

I want to add a new Search Head to my existing 3 node SHC.

My question is regarding the initialization step.

 

splunk init shcluster-config -auth <username>:<password> -mgmt_uri <URI>:<management_port> -replication_port <replication_port> -replication_factor <n> -conf_deploy_fetch_url <URL>:<management_port> -secret <security_key> -shcluster_label <label>

-secret <security_key>

If I look in the server.conf on an existing SHC member, you can find the pass4SymmKey:

[shclustering]

pass4SymmKey = $9$dkjajkldjaj--

But I have the original secret that was used to create the pass4SymmKey

e.g. password1234

Which do I use?

 

And when I added the IDX cluster to the new SHC node, do I use the pass4SymmKey or the original secret?

Thank you!

0 Karma
1 Solution

Glasses2
Communicator

apparently the "clear text version" is what I needed.

0 Karma

Glasses2
Communicator

The reason I asked this is bc someone posted videos showing to use the encrypted pass4Symm key, rather than the clear.

0 Karma
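
Added example, not part of the thread and not Splunk's own code: a shell pre-flight check for the point settled above, that `-secret` takes the original clear-text key and not the `pass4SymmKey` value stored in `server.conf`. The function names, the constructed sample file, and the rule that a stored value starts with `$<digit>$` (generalised from the `$9$` shown in the question) are assumptions.

```shell
#!/bin/sh
# Constructed sample server.conf. The [clustering] stanza is included to show
# that the lookup is stanza-aware; its key value is made up.
sample_conf() {
cat <<'EOF'
[clustering]
pass4SymmKey = $9$constructedIdxKey--

[shclustering]
pass4SymmKey = $9$dkjajkldjaj--
EOF
}

# Print the pass4SymmKey value from the [shclustering] stanza of file $1.
shc_stored_key() {
    awk '
        /^[ \t]*\[/ { in_shc = ($0 ~ /^[ \t]*\[shclustering\][ \t]*$/); next }
        in_shc && /^[ \t]*pass4SymmKey[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# Return 0 if $1 has the stored form "$<digit>$..." (assumed pattern).
looks_encrypted() {
    case "$1" in
        '$'[0-9]'$'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if candidate $1 is usable as -secret, 1 if it is the stored form
# or is identical to the value already in server.conf ($2).
check_secret() {
    stored=$(shc_stored_key "$2")
    if looks_encrypted "$1" || [ "$1" = "$stored" ]; then
        echo "refusing: this is the stored pass4SymmKey, not the clear-text secret" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed file: the clear-text key passes, the stored value does not.
conf=$(mktemp) && sample_conf > "$conf"
for v in 'password1234' "$(shc_stored_key "$conf")"; do
    if check_secret "$v" "$conf" 2>/dev/null; then echo "ok for -secret: $v"
    else echo "rejected: $v"; fi
done
rm -f "$conf"
```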