Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

search header cluster

wangyu
Loves-to-Learn Lots
‎05-05-2024 10:12 PM

I deployed the search header cluster and also deployed the indexer cluster, and merged the search header cluster and the indexer cluster. After downloading the sample data and uploading it to the indexer, all members of the indexer cluster can search for the uploaded data. When searching for members in the header cluster, there are two that cannot be searched for the uploaded data, and one that can be searched. "Unable to distribute to peer named 192.168.44.159 at uri=192.168.44.159:8089 using the uri scheme=https because peer has status=Down. Verify uri scheme, connectivity to the search peer, that the search peer is up, and that an equivalent level of system resources are available. See the Troubleshooting Manual for more information."

Labels (1)
Labels
0 Karma
Reply

sigma
Path Finder
‎05-16-2024 03:26 PM

Hi,

Did you check sslVersions in authentication.conf and server.conf?
Check that the SSL version is consistent among cluster members.

Regards.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-05-2024 10:27 PM

Hi @wangyu ,

did you followed the instructions at https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/Clusterdeploymentoverview and https://docs.splunk.com/Documentation/Splunk/9.2.1/DistSearch/SHCdeploymentoverview ?

I suppose that you checked the connections between the members al the required ports:

  • IDX replication: by default 9100,
  • SHC replication 9200,
  • connection between IDXs and Cluster Manager 8089,
  • connection between SHs and Deployer 8089,
  • connection between SHs and IDXs 8089.

Then, how many SHs do you have in your SHC? they must be at least 3.

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-06-2024 12:39 AM

Hi

Have you done this on all SHC members?

Configure each search head cluster member as a search head on the indexer cluster. Use the CLI splunk edit cluster-config command. For example:

https://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCandindexercluster

One correction for those default ports. There is no default ports (or alt least earlier haven't been) for IDX replication or SHC replication. There are some commonly used ports, those are not default, you must always define those manually in CLI, conf files or in GUI!

r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...