Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Script for rolling restart of Splunk service on linux multiple servers?

arunsunny
Path Finder
‎01-08-2020 08:57 AM

Hi

I am looking for a script to perform the rolling restart of Splunk service on multiple servers from the Centralised server where it has ssh access to the slave servers.

Is anybody have the script?

Thanks,
Arun Sunny

Labels (1)
Labels
0 Karma
Reply

BainM
Communicator
‎01-08-2020 10:02 AM

Hello-
We need some more info. What version of Splunk, what server type (Searchhead standalone, cluster searchheads, indexer cluster, etc).

If any of this is clustered, and it's the 7.x or 8.x version, you can initiate a SHC rolling restart right from within Splunkweb on any of the SHC members - Settings - Search Head Clustering, then look for the "Begin Rolling Restart" button on the top right.

If it's a peer cluster, you will want to run the rolling restart command from any peer or the ClusterMaster.
https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Userollingrestart

This is the easiest and smoothest way to do a Rolling Restart. I would not use any scripts.

Hope this helps,
Mike

0 Karma
Reply

arunsunny
Path Finder
‎01-09-2020 01:34 AM

I am looking at the rolling restart of the endpoint agents. (It's Just a Splunk universal forwarder agent installed on all the endpoints)

0 Karma
Reply

badrinath_itrs
Communicator
‎01-09-2020 01:38 AM

Hello, is the UF managed via Deployment servers ? If yes, you can restart them when you push a change from Deployment server using restart flag.

If they are not managed by Deployment server, then you can use puppet or chef or ansible depending on your environment to restart UF.

0 Karma
Reply

arunsunny
Path Finder
‎01-09-2020 01:42 AM

Yes, it's all managed by DS but I do not want to restart them at the same time. So I am looking for a script where it does the rolling restart in this case.

0 Karma
Reply

soumyasaha25
Contributor
‎01-09-2020 02:26 PM

you can create custom server classes and push your configs one at a time (individually for each server class).

0 Karma
Reply

arunsunny
Path Finder
‎02-13-2020 01:58 AM

@soumyasaha25 - I have around 50 endpoints so I can not create 50 serverclass. I am looking for a better approach to push the configs.

0 Karma
Reply

Skerilyo
Loves-to-Learn
‎04-05-2023 02:11 AM

Hi, did you find any viable solution to this problem ?

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...