Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

search header cluster

wangyu
Loves-to-Learn Lots
‎05-05-2024 10:12 PM

I deployed the search header cluster and also deployed the indexer cluster, and merged the search header cluster and the indexer cluster. After downloading the sample data and uploading it to the indexer, all members of the indexer cluster can search for the uploaded data. When searching for members in the header cluster, there are two that cannot be searched for the uploaded data, and one that can be searched. "Unable to distribute to peer named 192.168.44.159 at uri=192.168.44.159:8089 using the uri scheme=https because peer has status=Down. Verify uri scheme, connectivity to the search peer, that the search peer is up, and that an equivalent level of system resources are available. See the Troubleshooting Manual for more information."

Labels (1)
Labels
0 Karma
Reply

sigma
Path Finder
‎05-16-2024 03:26 PM

Hi,

Did you check sslVersions in authentication.conf and server.conf?
Check that the SSL version is consistent among cluster members.

Regards.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-05-2024 10:27 PM

Hi @wangyu ,

did you followed the instructions at https://docs.splunk.com/Documentation/Splunk/9.2.1/Indexer/Clusterdeploymentoverview and https://docs.splunk.com/Documentation/Splunk/9.2.1/DistSearch/SHCdeploymentoverview ?

I suppose that you checked the connections between the members al the required ports:

  • IDX replication: by default 9100,
  • SHC replication 9200,
  • connection between IDXs and Cluster Manager 8089,
  • connection between SHs and Deployer 8089,
  • connection between SHs and IDXs 8089.

Then, how many SHs do you have in your SHC? they must be at least 3.

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-06-2024 12:39 AM

Hi

Have you done this on all SHC members?

Configure each search head cluster member as a search head on the indexer cluster. Use the CLI splunk edit cluster-config command. For example:

https://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCandindexercluster

One correction for those default ports. There is no default ports (or alt least earlier haven't been) for IDX replication or SHC replication. There are some commonly used ports, those are not default, you must always define those manually in CLI, conf files or in GUI!

r. Ismo 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...