Deployment Architecture

Why is Splunk not able to recognize bootstrap command?


I am setting up Search Head clustering. I am able to run the initialize command but while creating a captain by running bootstrap command

splunk bootstrap shcluster-captain -servers_list ":,:,..."

I am getting error as "splunk does not recognize bootstarp. Please check command or go to Splunk help".

Please let me know why this error occurs as in documentation this command is mentioned

0 Karma


You are right, it is "bootstrap" - in my initial answer I typed "bootstart." I could blame autocorrect, but it is probably my own typing...

Was there an error when you did the init command? It should have looked like

splunk init shcluster-config -mgmt_uri https://thisSH:port -replication_port 9999
–secret shclusterpwd


"thisSH:port" is the name/IP and splunkd port number of the current search head,

"9999" is the number of the replication port for the search head cluster, and

"shclusterpwd" is the password for the search head cluster.

If you are not sure if there was an error, you might want to look at the splunkd.log in the var/log/splunk directory under your Splunk installation directory.

After you have run the "init" command on each of the search heads, you can run the bootstrap command on one of the search heads only. Run the following on the server that you want to become the initial captain

splunk bootstrap shcluster-captain 
–servers_list https://SH1:port,https://SH2:port,https://SH3:port

Where SH1, SH2 and SH3 are the search heads in the cluster (including the captain) with their splunkd ports.

[And of course these commands should be typed on a single line, although they break into multiple lines here...]

Finally, what OS are you using for your search heads?

0 Karma


Because the option is "bootstrap" - I think you have misspelled it.


Thanks for your Reply!! Cross checked it but its bootstrap in Docs

0 Karma


Hi @Sourabhv05

I think what @lguinn is trying to point out is you misspelled bootstRAp. I edited your post and, in all instances except one, you spelled bootstrap as bootstARp. I didn't correct the typo in the error message you provided above because I wanted to clarify something. Did you just copy and paste that error message exactly as it appeared or did you type it manually? If you copy and pasted it, then the error definitely is a misspelling issue.

0 Karma


Hi ppablo,

Sorry for that!! That was a typo from my side. I just wrote that error message, didnt copied. I am trying to give " bootstrap " but still no success. It gives error as "bootstrap is invalid command" . Please help as its very critical for me.
Do i need to install something to run bootstrap or is there any pre-requisite for this command ?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...