Which servers should have the Web Interface enabled in a distributed/clustered environment?

R_B
Path Finder

Hello all,

So I have a distributed/clustered environment. By default, I left all web interfaces enabled on all the servers. However, my thought process is that if the web interface does not need to be enabled, then it should not be enabled.

In my environment I have these servers:
- License Master (Which is set up as the distributed monitoring console)
- Deployer
- Search Heads
- Cluster Master
- Indexers
- Deployment Server
- Heavy Forwarder

Web interface needs to be enabled on the search heads for searching, enabled on deployment server for forwarder management, and I believe the license master to manage all of the licensing.

However, does the web interface need to be enabled on the deployer, cluster master, indexers, or heavy forwarder — or can all of their functionalities be done through the command line?

Any insight would be appreciated!

1 Solution

maraman_splunk
Splunk Employee

Hello,

Disable it for sure on indexers, mainly because you want all configuration to be consistent in an indexer cluster.

For the rest:
- No need on the deployer.
- The web interface is useful on the cluster master to monitor your cluster and do some operations.
- On a heavy forwarder, it depends on what app you use.
  - If you can push all the config via DS on HF -> you can disable the web interface.
  - If you have an app such as DBX, Checkpoint, ... it will probably be better to leave the web interface up.

Btw, for the license master, you could configure it via files and monitor via Monitoring Console.
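The per-role advice in the question and the answer above, written as a configuration audit. This is an added example, not code from the thread or from Splunk; it assumes the standard `startwebserver` setting in the `[settings]` stanza of `web.conf`, and the role names, host names and sample file contents are constructed.

```python
# Added example: POLICY encodes this thread's advice; names and samples are constructed.
POLICY = {
    "indexer": "disable",           # keep indexer-cluster config consistent
    "deployer": "disable",          # "no need on deployer"
    "cluster_master": "enable",     # cluster monitoring and some operations
    "search_head": "enable",        # searching
    "deployment_server": "enable",  # forwarder management
    "heavy_forwarder": "depends",   # needed for UI-configured apps (DBX, Checkpoint)
    "license_master": "depends",    # files + Monitoring Console can replace the UI
}

def parse_startwebserver(conf_text):
    """Return True/False if [settings] sets startwebserver, else None."""
    stanza, value = None, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
        elif stanza == "settings" and "=" in line and not line.startswith("#"):
            key, _, val = line.partition("=")
            if key.strip() == "startwebserver":
                value = val.strip().lower() in ("1", "true")
    return value

def web_enabled(layers):
    """layers: web.conf contents, highest precedence first. Unset means on."""
    for text in layers:
        setting = parse_startwebserver(text)
        if setting is not None:
            return setting
    return True

def audit(hosts):
    """hosts: {name: (role, [web.conf layers])} -> [(name, action, enabled)]."""
    findings = []
    for name, (role, layers) in sorted(hosts.items()):
        want, enabled = POLICY[role], web_enabled(layers)
        if want == "depends":
            findings.append((name, "review", enabled))
        elif (want == "enable") != enabled:
            findings.append((name, want, enabled))
    return findings

SAMPLE = {  # constructed inventory
    "idx01": ("indexer", ["[settings]\nstartwebserver = 0\n"]),
    "idx02": ("indexer", ["# local\n[settings]\nhttpport = 8000\n"]),
    "hf01": ("heavy_forwarder", ["[settings]\nstartwebserver = 1\n"]),
    "sh01": ("search_head", ["[settings]\nstartwebserver = false\n", ""]),
}
```

`audit(SAMPLE)` flags `idx02` because an unset `startwebserver` leaves the web interface on, which is the state the original poster describes on every server.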

R_B
Path Finder

Thank you very much for this insight! That's a good point with the license master, that shouldn't really be needed. Would I be able to monitor the cluster with the monitoring console instead of the cluster master? Or are there things that I can only do from the cluster master web?

0 Karma

Tetonka
Engager

There are a few tasks that are only available with the CM.
Monitor fix-up tasks, observe - remove excess buckets, and index-specific related tasks.
We added a dashboard in MC that monitors the MC progress for the above-mentioned tasks too.
HTHs

0 Karma