Deployment Architecture

When adding peer node servers in server.conf, do I write the indexer master host name or the peer host name?

Prakhar_shukla
Path Finder

i have enable the peer servers as slave by adding config in server.conf.
my first question is - do we write master host name or peer host name in server.conf?

so far, my set up is like , i have installed Splunk Enterprise in multiple servers. i have enable server 1 as cluster master and enabled it as master. now i am trying to add Peers to it. server 2 and 3 are my peer.

here is server.conf from peer node -

[clustering]
master_uri = https://:8089 
mode = slave 
pass4SymmKey = secretKey 

i was confused if host name should be of master or peer. i tried of masters and added it, but when trying to add the other one, its saying error ' server name (master) is already added as peer and up.'

0 Karma
1 Solution

adonio
Ultra Champion

server.conf on Cluster Master named Master

[clustering]
mode = master
replication_factor = <REP_FACTOR>
search_factor = <SEARCH_FACTOR>
pass4SymmKey = passwords

server.conf on Peers (Indexers)

[clustering]
mode = slave
master_uri = https://Master:8089
pass4SymmKey = password
[replication_port://<PORT_NUM>]
disabled = false

server.conf on search head
[clustering]
mode = searchhead
master_uri = https://Master:8089
pass4SymmKey = password

Hope it helps

View solution in original post

0 Karma

adonio
Ultra Champion

server.conf on Cluster Master named Master

[clustering]
mode = master
replication_factor = <REP_FACTOR>
search_factor = <SEARCH_FACTOR>
pass4SymmKey = passwords

server.conf on Peers (Indexers)

[clustering]
mode = slave
master_uri = https://Master:8089
pass4SymmKey = password
[replication_port://<PORT_NUM>]
disabled = false

server.conf on search head
[clustering]
mode = searchhead
master_uri = https://Master:8089
pass4SymmKey = password

Hope it helps

0 Karma

Prakhar_shukla
Path Finder

thanks for quick reply.
my question is ...in peer's server.conf you mentioned
master_uri = https://Master:8089

what is master ? if it is host address of the cluster master?

2) i even tried to add my 2nd peer with suggested config and i am getting error something like -
"can not add peer, server name = master ip- X:X:X:X is added as peer and UP already."

why this error is coming?

0 Karma

Prakhar_shukla
Path Finder

ok, here it is. i have 2 peers. Peer1 and Peer2.
i have added the peer1 as suggested above config and its added and showing in master webpage. point is Peer name in master's webpage is exactly same as master's FQDN.

Now i am trying to add peer2 with same config as of peer1 and its saying error " cant not add peer, server name = master ip x:x:x:x is added and UP already"

0 Karma

adonio
Ultra Champion

you have to put either the ip or the fqdn of the Cluster Master. in the example above, i named it "Master"
you are getting the error since you already added that peer, or you gave an instance 2 roles

0 Karma

Prakhar_shukla
Path Finder

ok, i have 2 peers says abc1.com and pqr.com.

i have added abc1.com with the config you suggested and it is added in master and i can see it. but the Peer Name is master webpage is exactly same as of master FQDN. ( thats 1 problem)

Now i am trying to add pqr.com with exactly similat config as of abc1.com and its saying in master page that its been already added and UP.

0 Karma

adonio
Ultra Champion

so, 3 machines - > 1 is master lets call it my.cluster.master
2 peers (indexers) -> Indexer A is abc.com Indexer B is def.com
the configurations on indexers have to be the same
[clustering]
mode = slave
master_uri = https://my.cluster.master:8089
pass4SymmKey = password
[replication_port://]
disabled = false

0 Karma

Prakhar_shukla
Path Finder

ok. actually i have 10 machines, its just i am starting to do the set up. so cluster master is ok and 1 peer is ok. but 2nd peer when adding getting error. its already added and UP.

what about this error.

0 Karma

adonio
Ultra Champion

try and remove the configs under [clustering] stanza including the stanza itself, restart splunk and then add the configurations back to server.conf
then restart one more time

0 Karma

Prakhar_shukla
Path Finder

sure thing, thanks.

0 Karma

Prakhar_shukla
Path Finder

and is it correct - 1st peer that is in master showing Peer Name as master's FQDN?

0 Karma

adonio
Ultra Champion

something is off.
try and remove all [clustering] stanzas from all instances. in other words, disable clustering and restart all splunk instances. Now start with the cluster master and put the config in server.conf -> restart. then place the configurations for peers in each peer and restart. you can also do it from GUI, it might be easier. just navigate to settings -> indexer clustering -> click enable clustering and fill the blanks

0 Karma

Prakhar_shukla
Path Finder

ok, i tried that earlier.
IN GUI, when adding peer, it ask for master URI, so if we put cluster master's IP/FQDN then how come it will know which peer is being added.
eventually it was showing me Peer Name as cluster's FQDN thats why switched to CLI way.

0 Karma

adonio
Ultra Champion

maybe its not clear enough.
master uri is the address (ip or fqdn) of the Cluster Master. you have to set it only on the indexers not on the Cluster Master itself.
first, enable clustering on the master and set rep factor search factor and pass4symmkey
then restart.
now go to the peers (Indexers) and add them one by one by enabling clustering and putting the Cluster Master as master_uri
the peer will connect to the master and will tell it, "hey i am peer abc.com"

0 Karma

Prakhar_shukla
Path Finder

Sorry for duplicate comments !!

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...