Deployment Architecture

Why is Splunk not able to recognize bootstrap command?


I am setting up Search Head clustering. I am able to run the initialize command but while creating a captain by running bootstrap command

splunk bootstrap shcluster-captain -servers_list ":,:,..."

I am getting error as "splunk does not recognize bootstarp. Please check command or go to Splunk help".

Please let me know why this error occurs as in documentation this command is mentioned

0 Karma


You are right, it is "bootstrap" - in my initial answer I typed "bootstart." I could blame autocorrect, but it is probably my own typing...

Was there an error when you did the init command? It should have looked like

splunk init shcluster-config -mgmt_uri https://thisSH:port -replication_port 9999
–secret shclusterpwd


"thisSH:port" is the name/IP and splunkd port number of the current search head,

"9999" is the number of the replication port for the search head cluster, and

"shclusterpwd" is the password for the search head cluster.

If you are not sure if there was an error, you might want to look at the splunkd.log in the var/log/splunk directory under your Splunk installation directory.

After you have run the "init" command on each of the search heads, you can run the bootstrap command on one of the search heads only. Run the following on the server that you want to become the initial captain

splunk bootstrap shcluster-captain 
–servers_list https://SH1:port,https://SH2:port,https://SH3:port

Where SH1, SH2 and SH3 are the search heads in the cluster (including the captain) with their splunkd ports.

[And of course these commands should be typed on a single line, although they break into multiple lines here...]

Finally, what OS are you using for your search heads?

0 Karma


Because the option is "bootstrap" - I think you have misspelled it.


Thanks for your Reply!! Cross checked it but its bootstrap in Docs

0 Karma


Hi @Sourabhv05

I think what @lguinn is trying to point out is you misspelled bootstRAp. I edited your post and, in all instances except one, you spelled bootstrap as bootstARp. I didn't correct the typo in the error message you provided above because I wanted to clarify something. Did you just copy and paste that error message exactly as it appeared or did you type it manually? If you copy and pasted it, then the error definitely is a misspelling issue.

0 Karma


Hi ppablo,

Sorry for that!! That was a typo from my side. I just wrote that error message, didnt copied. I am trying to give " bootstrap " but still no success. It gives error as "bootstrap is invalid command" . Please help as its very critical for me.
Do i need to install something to run bootstrap or is there any pre-requisite for this command ?

0 Karma
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...