Deployment Architecture

Search head cluster with Ansible and Kubernetes

sarit_s
Communicator

Hello,
how can I configure a search head cluster with Ansible and Kubernetes?

This is my configuration:

splunk-chart:
  namespace: dev-aviation-01
  persistence:
    search:
      dataSize: 50Gi
      configSize: 10Gi
    master:
      dataSize: 50Gi
      configSize: 10Gi
    indexer:
      dataSize: 250Gi
      configSize: 10Gi
  app:
    configs:
      enabled: true
      ## The image must contain 'indexer','master', and 'search' dirs in /data
      image:
        repository: gcr.io/argussec1/splunk-aviation-configs
        tag: 2.3.0
    env:
      - name: SPLUNK_BEFORE_START_CMD
        value: sudo rm /opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock
  indexer:
    replicas: 1
    resources:
      requests:
        memory: 4Gi
        cpu: 1
      limits:
        memory: 8Gi
        cpu: 4

  # default configuration loaded by splunk, exposed by nginx
  splunkDefaults:
    defaultYml:
      ansible_post_tasks: null
      ansible_pre_tasks: null
      config:
        baked: default.yml
        defaults_dir: /tmp/defaults
        env:
          headers: null
          var: SPLUNK_DEFAULTS_URL
          verify: true
        host:
          headers: null
          url: null
          verify: true
        max_delay: 60
        max_retries: 3
        max_timeout: 1200
      hide_password: false
      retry_num: 50
      shc_bootstrap_delay: 30
      splunk:
        admin_user: admin
        allow_upgrade: true
        app_paths:
          default: /opt/splunaviationtc/apps
          deployment: /opt/spaviationk/etc/deployment-apps
          httpinput: /opt/splaviation/etc/apps/splunk_httpinput
          idxc: /opt/splunk/eaviationmaster-apps
          shc: /opt/splunk/etaviationhcluster/apps
        enable_service: false
        exec: /opt/splunk/bin/splunk
        group: splunk
        hec_disabled: 0
        hec_enableSSL: 0
        hec_port: 8088
        hec_token: ea
        home: /opt/splunk
        http_enableSSL: 0
        http_enableSSL_cert: null
        http_enableSSL_privKey: null
        http_enableSSL_privKey_password: null
        http_port: 8000
        idxc:
          enable: false
          label: idxc_label
          replication_factor: 3
          replication_port: 9887
          search_factor: 3
          secret: T
        ignore_license: false
        license_download_dest: /tmp/splunk.lic
        nfr_license: /tmp/nfr_enterprise.lic
        opt: /opt
        password: "" # overridden in the environment variables
        pid: /opt/splunk/var/run/splunk/splunkd.pid
        s2s_enable: true
        s2s_port: 9997
        search_head_cluster_url: null
        secret: null
        shc:
          enable: false
          label: shc_label
          replication_factor: 3
          replication_port: 9887
          secret: C
        smartstore: null
        svc_port: 8089
        tar_dir: splunk
        user: splunk
        wildcard_license: false
        conf:
          server:
            directory: /opt/splunk/etc/system/local
            content:
              clustering:
                summary_replication : true
      splunk_home_ownership_enforcement: true

But I don't see any cluster, or even more than 1 SH...
What am I missing?

0 Karma
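A pre-deployment check over the cluster and transport settings in the values posted above, as an added example that is not part of the original thread or of splunk-ansible. It assumes the `enable` flags and `replication_factor` mean what their names suggest, that `hide_password` controls masking of credentials in Ansible output, and it uses a hypothetical `search.replicas` key that mirrors the posted `indexer.replicas`.

```python
# Constructed sample: cluster and transport keys from the values posted above
# (the part under `splunk-chart:`), typed as a dict so no YAML parser is needed.
POSTED = {
    "indexer": {"replicas": 1},
    "splunkDefaults": {"defaultYml": {
        "hide_password": False,
        "splunk": {
            "hec_enableSSL": 0,
            "http_enableSSL": 0,
            "idxc": {"enable": False, "replication_factor": 3},
            "shc": {"enable": False, "replication_factor": 3},
        },
    }},
}
BASE = "splunkDefaults.defaultYml."

def get(cfg, path, default=None):
    """Walk a dotted path through nested dicts; return default if a key is absent."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def audit(values):
    """Return (rule_id, message) findings for a values dict shaped like POSTED."""
    findings = []
    for kind in ("shc", "idxc"):
        if not get(values, f"{BASE}splunk.{kind}.enable", False):
            findings.append((f"{kind}-disabled", f"splunk.{kind}.enable is false"))
    # `search.replicas` is a hypothetical key, assumed to mirror `indexer.replicas`.
    for kind, role in (("idxc", "indexer"), ("shc", "search")):
        replicas = get(values, f"{role}.replicas")
        rf = get(values, f"{BASE}splunk.{kind}.replication_factor", 0)
        if replicas is None:
            findings.append((f"{kind}-replicas-unset", f"{role}.replicas is not set"))
        elif replicas < rf:
            findings.append((f"{kind}-rf", f"{role}.replicas={replicas} < replication_factor={rf}"))
    for key in ("hec_enableSSL", "http_enableSSL"):
        if not get(values, f"{BASE}splunk.{key}", 0):
            findings.append(("no-tls", f"splunk.{key} is off, so that port is cleartext"))
    # Assumption: hide_password controls masking of credentials in Ansible output.
    if get(values, BASE + "hide_password") is False:
        findings.append(("password-visible", "hide_password is false"))
    return findings

if __name__ == "__main__":
    for rule, msg in audit(POSTED):
        print(f"[{rule}] {msg}")
```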

anmolpatel
Builder

Why set up your own Ansible when Splunk has made it open source:
https://github.com/splunk/splunk-ansible

0 Karma

sarit_s
Communicator

I used this,
but I don't see the search heads I've added.
I guess I'm missing something, but I can't tell what.
After configuring the Ansible, should I configure something else in Splunk? Where should I check to see that the cluster is up and running?

0 Karma