Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

deploying a search head cluster using ansible

misha8
Observer
‎07-09-2021 08:54 AM

It seems that there needs to be a search head captain running before new members can be added to a cluster?

We're trying to automate the installation using ansible.  In ansible, we can specify which server to be the captain and its members.  However, if a server (designated to be a member) boots up, it won't be able to bring up the cluster because it isn't the captain?

How do we overcome this?  We need to start up the server running the captain first before we bring up the rest of the members?

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-09-2021 09:40 AM

You must start the SHC members first and make them into a cluster.  Only then do you designate one of them to be the Captain.  See https://docs.splunk.com/Documentation/Splunk/8.2.1/DistSearch/SHCdeploymentoverview#Deploy_the_clust...

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

misha8
Observer
‎07-17-2021 02:53 AM

I haven't tried starting a cluster without first starting the captain, is that possible?

When adding member, I would need to specify an existing member uri, so how is that going to work?

splunk add shcluster-member -current_member_uri <URI>:<management_port>

 

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-17-2021 02:52 PM

Installing SHC members and making them into a cluster is part of the documented procedures so it must be possible.  You have to have a cluster before selecting a captain.

You can start an existing SHC in any order.  The cluster will choose its own captain.

When creating a new cluster, use the init-shcluster-config command rather than add shcluster-member.  Note that the add shcluster-member command has different parameters for adding a new SH to the cluster vs adding an SH that is be re-added.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...