Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to verify an index is replicating?

transtrophe
Communicator
‎04-11-2015 04:25 PM

I am trying to verify that certain indexes are replicating across my index cluster. My splunk installation is a distributed deployment with 8 peers composing the index cluster with their master node, 3 search-head cluster members with their deployer, 1 stand-alone s-h running Splunk App for Stream, and 4 forwarders with their deployer server. I have SOS deployed on the shc members and the indexers. I have Splunk App for Stream deployed with App for Stream running on the stand-alone s-h and TA_Stream running on the 4 forwarders with the setuid.sh executed to handle the permissions for the streamfwd binary (I run splunk under the splunk account). All of the stream configurations that I set using the App for Stream UI on the stand-alone search-head are pointing to the MAIN index. The [main] stanza on all my indexers are configured with repFactor = auto (I am going to provide the [main] stanza in a comment after this first posting).

After a moderate amount of troubleshooting this implementation which some of you have likely been following in earlier questions, I finally have a relatively stable platform though I think there are still some issues, the basis of this question about verifying index replication for certain indexes being one of those items I still don't fully understand or see as achieving completely normal operations.

When I run SOS on my shc members and look at the Indexing > Index Replication > Cluster Master View the search query returns indicating that my replication factor = 3, the search factor = 1, Cluster initialization state: Index replication not enabled, and Cluster indexing state: Index replication not enabled.

So how can I confirm that I am actually getting complete replication across my index cluster?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎04-11-2015 09:45 PM

You should be using the CM to validate RF and SF. The peers themselves dont know, per say, about the rest of the cluster. They check with the CM and it manages replication and search tasking.

Use firebrigade to check actual bucket replication : https://splunkbase.splunk.com/app/1632/. That link is the app, there is also a TA component that is required on the indexers.

If you're building this out to scale in a production environment, you really should reach out to Splunk for Education or Professional Services. Alot of what you are trying to figure out is covered in official training and PS engagements.

View solution in original post

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...