Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add and configure a new indexer to my Splunk environment?

ppanchal
Path Finder
‎10-03-2016 07:50 AM

Hi, I am new to Splunk and I am planning to add an indexer to our Splunk enterprise environment.
We already have 2 indexers, a search head and a deployment server.

Can somebody please assist me with the docs/steps to install/add a new indexer?

The operating system that we are using is Linux.

Any help is much appreciated.

Reply

muscafe
Explorer
‎07-12-2019 02:53 AM

Hello,

i try to add the indexer in cli to my search Head via :

/opt/splunk/bin/splunk add search-server 192.168.44.148:8089 -remoteUsername *-remotePassword ****

it results this errror :

Your session is invalid. Please login.
Splunk username:

Can you tell me please what's the problem and what's splunk talking about!
Thks

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-03-2016 08:16 AM

If you have not clustered indexers, it's very easy:
- install Splunk on the new server,
- add to your search head a new search peer [Settings -- Distributed Search -- Search peer]
- modify outputs.conf of your forwarders to send logs also to the new Indexer: it's easy if you manage outputs.conf using Deployment server, because you have to modify it in only one point, if not, it's more difficult because you have to manually modify outputs.conf in all forwarders .
You can have instructions how to modify outputs.conf at http://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Configureforwardingwithoutputs.conf

Otherwise, if you have clustered indexers (I don't think because you didn't speak about a Master Node!) see and follow http://docs.splunk.com/Documentation/Splunk/6.4.3/Indexer/Clusterdeploymentoverview because it's more complicated.

Bye.
Giuseppe

Reply

ppanchal
Path Finder
‎10-04-2016 09:24 AM

Thanks, I will try this.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-12-2019 04:12 AM

Did you tried?
if you're satisfied by this answer please accept or upvote it.
Bye.
Giuseppe

0 Karma
Reply

muscafe
Explorer
‎07-12-2019 07:41 AM

Hello Giuseppe,
thank you fior your answer!
i have a problem with my certificat because my indexer have not a similaire certificat fo th Search Head!
and it's verry inportant to add the default Port to splunk in the Fierwall!
Have a good week

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...