Not finding much on this subject, and looking for a little guidance...
I already have an indexer cluster up and running with (2) indexers in the cluster. Looking to add a new indexer to that pool. From reading it looks like I...
1) enter maintenance mode on the cluster master...
2) up the search factor/replication factor (if desired)...
3) enable indexer clustering on the new indexer and join the indexer to the master (peer node configuration)
4) ensure all indexes are recreated on the new indexer
5) Data rebalance
6) Bring master out of maintenance mode
7) Push out new outputs.conf to forwarders with 3rd indexer info as well
Splunk Enterprise 6.5.0
The process for adding an indexer to a cluster is documented at https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Addclusterpeer . The steps apply to earlier versions of Splunk, not just 8.0.1.
1) install splunk the same way you did for other indexer and enable indexer clustering on the new indexer
-> the indexer join the cluster, get the index list, apps to be deployed on indexers, ... become a target for replication and search head learn that it exist.
2) Push out new outputs.conf to forwarders with 3rd indexer info as well
3) up the search factor/replication factor (if desired)...
4)if needed Data rebalance
If they can't add, are the definitely the same version as the other indexers? Are they the same operating system? Do they have the required ports open for replication and communication to the master? Is there a network route from them to the master and to the other peers? Is there a firewall that needs configured (both on the network and on the host). Are the new indexers using the correct pass4SymmKey? Is there a typo in the name of the clustermaster in server.conf [clustering] stanza?
As a troubleshooting measure, take a look at $SPLUNK_HOME/var/log/splunk/splunkd.log for WARN or ERROR messages concerning clustering on the new indexers. The reason why they can't join will likely be explained there.