Hi,
Sorry this could be a bit of a newb question, but I've spent a good few hours on this one and haven't managed to work it out. I've got some linux VMs that are all accessible through port translations in my VM configuration for ssh and splunk web. What I'm trying to do is create an indexer cluster with 3 indexing peers, a cluster master and a search head so I've been following the instructions in the splunk docs.
So I configure the master, then move on to the slaves. What happened was, as soon as I restarted splunk on those slaves, they would come back up but with no splunk web. I just end up with this forever:
Waiting for web server at http://127.0.0.1:8000 to be available...................................
As soon as I change it back to being standalone (not an index slave and no peering), then restart, it comes straight up no problem. Thought I might have configured it incorrectly, but I've done it through the gui, the cli and editing the server.conf file and get the same each time. Thought a port conflict, but couldn't see one. Tried changing them anyway and no luck. Doesn't seem to be permissions either as starting as root has same outcome.
I did see one article here that suggested that you can't run splunkweb on a cluster member, but the docs seems to say you should be able to jump straight back onto it once it comes back up from restart. Looking for some advice on this before spending any more time on it. Nothing at all in the linux or splunk logs.
Thanks.
Hi @vijay_n,
Is it possible that you are using port 8000 as a replication port in your server.conf clustering stanza? If so please change to something else and try again.
Hi
you could run splunk web also on peers, but it’s against best practices.
You should found reason for, why splunk web didn’t start from your server logs. Just look it from file system.
r. Ismo