- Splunk Answers
- :
- Splunk Administration
- :
- Knowledge Management
- :
- How can enable kvstore monitoring for seach head c...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
We have a search head cluster with three members, as you know all members have same "default host name".
When I try to enable KVStore monitoring in monitoring console it says "Duplicate instance name. Ensure each instance has a unique instance (host) name." But because they are member of search head cluster I can't assign unique name to each one.
How can I enable KVStore monitoring for search head cluster members?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mahboubi66 ,
In order to have the search head cluster working properly, you have to name each server with a unique name, you should not have duplicated name. Should be server1, server2 and server3 as a sample, after you rename the servers, please restart splunk service.
In the top of splunk search head cluster, a load balancer have to be setup with the 3 servers fqdn. The load balancer will forwarder the traffic to each server accordingly, so when the users type the url on the browser, the load balancer will know which servers to send the user request and allow users to connect and run their reports.
Check this link for SHCluster architecture : https://docs.splunk.com/Documentation/Splunk/8.1.0/DistSearch/SHCarchitecture
After you rename all those servers and restart splunk service, the kvstore should start properly.
In order to troubleshoot the kvstore, please check this link here: https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/TroubleshootKVstore
I hope this can help you, if so, please accept the answer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mahboubi66 ,
In order to have the search head cluster working properly, you have to name each server with a unique name, you should not have duplicated name. Should be server1, server2 and server3 as a sample, after you rename the servers, please restart splunk service.
In the top of splunk search head cluster, a load balancer have to be setup with the 3 servers fqdn. The load balancer will forwarder the traffic to each server accordingly, so when the users type the url on the browser, the load balancer will know which servers to send the user request and allow users to connect and run their reports.
Check this link for SHCluster architecture : https://docs.splunk.com/Documentation/Splunk/8.1.0/DistSearch/SHCarchitecture
After you rename all those servers and restart splunk service, the kvstore should start properly.
In order to troubleshoot the kvstore, please check this link here: https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/TroubleshootKVstore
I hope this can help you, if so, please accept the answer.
Enterprise Security Content Update (ESCU) | New Releases
Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest
We’ve Got Education Validation!
