I am setting up Search Head clustering. I am able to run the initialize command but while creating a captain by running bootstrap command
splunk bootstrap shcluster-captain -servers_list ":,:,..."
I am getting error as "splunk does not recognize bootstarp. Please check command or go to Splunk help".
Please let me know why this error occurs as in documentation this command is mentioned
I think what @lguinn is trying to point out is you misspelled bootstRAp. I edited your post and, in all instances except one, you spelled bootstrap as bootstARp. I didn't correct the typo in the error message you provided above because I wanted to clarify something. Did you just copy and paste that error message exactly as it appeared or did you type it manually? If you copy and pasted it, then the error definitely is a misspelling issue.
Sorry for that!! That was a typo from my side. I just wrote that error message, didnt copied. I am trying to give " bootstrap " but still no success. It gives error as "bootstrap is invalid command" . Please help as its very critical for me.
Do i need to install something to run bootstrap or is there any pre-requisite for this command ?
You are right, it is "bootstrap" - in my initial answer I typed "bootstart." I could blame autocorrect, but it is probably my own typing...
Was there an error when you did the init command? It should have looked like
splunk init shcluster-config -mgmt_uri https://thisSH:port -replication_port 9999 –secret shclusterpwd
"thisSH:port" is the name/IP and splunkd port number of the current search head,
"9999" is the number of the replication port for the search head cluster, and
"shclusterpwd" is the password for the search head cluster.
If you are not sure if there was an error, you might want to look at the splunkd.log in the var/log/splunk directory under your Splunk installation directory.
After you have run the "init" command on each of the search heads, you can run the bootstrap command on one of the search heads only. Run the following on the server that you want to become the initial captain
splunk bootstrap shcluster-captain –servers_list https://SH1:port,https://SH2:port,https://SH3:port
Where SH1, SH2 and SH3 are the search heads in the cluster (including the captain) with their splunkd ports.
[And of course these commands should be typed on a single line, although they break into multiple lines here...]
Finally, what OS are you using for your search heads?