Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What CLI or configuration files changes are needed to enable a search head to talk to a remote indexer?

danielwan
Explorer
‎03-29-2017 04:35 PM

I am going to install a search head and a indexer on different boxes, how to configure to enable them to talk to each other, any CLI or configuration file for it? Thanks

0 Karma
Reply

woodcock
Esteemed Legend
‎03-29-2017 08:07 PM

It is not entirely necessary to do this through the GUI; you can manually configure a search peer as follows:

On your Search Head, get a copy of this file:

$SPLUNK_HOME/etc/auth/distServerKeys/trusted.pem

Also modify this file and add in the new Indexer (it might be in a different location so poke around):

$SPLUNK_HOME/etc/system/local/distsearch.conf

Also get the hostname of the Search Head with this command:

hostname

On your Indexer(s), go to this directory:

$SPLUNK_HOME/etc/auth/distServerKeys/

Create a directory there named with the name of your Search Head's hostname and put the trusted.pem file from the Search Head there.

P.S. This is copied from a related Q&A that I just answered:

https://answers.splunk.com/answers/514258/search-heads-authentication-credentials-rejected-b.html#an...

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...