I am looking for a script to perform the rolling restart of Splunk service on multiple servers from the Centralised server where it has ssh access to the slave servers.
Is anybody have the script?
We need some more info. What version of Splunk, what server type (Searchhead standalone, cluster searchheads, indexer cluster, etc).
If any of this is clustered, and it's the 7.x or 8.x version, you can initiate a SHC rolling restart right from within Splunkweb on any of the SHC members - Settings - Search Head Clustering, then look for the "Begin Rolling Restart" button on the top right.
If it's a peer cluster, you will want to run the rolling restart command from any peer or the ClusterMaster.
This is the easiest and smoothest way to do a Rolling Restart. I would not use any scripts.
Hope this helps,
Hello, is the UF managed via Deployment servers ? If yes, you can restart them when you push a change from Deployment server using restart flag.
If they are not managed by Deployment server, then you can use puppet or chef or ansible depending on your environment to restart UF.