Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to enable master node on all indexers ?

90509
Engager
‎04-16-2020 05:44 AM

Hi All ,

I am working in cluster environment with 16 prod indexers, and one separate cluster master node.

if I run /opt/splunk/bin/splunk list cluster-peers

if i run the above command in master node command prompt which showing all indexers in the cluster but if run same command on any of the indexers showing master node not enabled.
how to enable master node on each indexer . this case came while synch or pairing indexer with master node.

How to enable master node on all indexers with command line prompt.

0 Karma
Reply

codebuilder
SplunkTrust
SplunkTrust
‎04-17-2020 08:37 AM

This is well documented, but here is the short answer.

Assuming you have already set a pass4SymmKey in the [clustering] stanza on the master, these are the commands you want to run on each of the indexers/peers:

 /opt/splunk/bin/splunk edit cluster-config -mode slave -master_uri https://xx.xxx.xx.xxx:8089 -replication_port 9887 -secret your_key_here

/opt/splunk/bin/splunk restart

Obviously substituting in your master's IP and pass4SymmKey value (in plain text, not the hashed version).

However, I don't personally like this method as it leaved behind the secret in the command history. It's more secure to update server.conf and cycle Splunk, but you asked specifically about the CLI method.

https://docs.splunk.com/Documentation/Splunk/8.0.2/Indexer/ConfigurepeerswithCLI

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

90509
Engager
‎04-18-2020 04:02 AM

could you please let me know the reason why it happened . all are in cluster environment with master node if we check from master node to all indexers are in state UP condition but if we check from indexer master node not enabled why this was coming .

one more question i would like to ask , if we ping from master node to indexer the data packets are sending but we check from indexer to master node showing "unknown host" , is it bidirectional or single direction....

0 Karma
Reply

codebuilder
SplunkTrust
SplunkTrust
‎04-18-2020 09:21 AM

If the master shows all peers are "up" then your cluster is healthy.

Running "/opt/splunk/bin/splunk list cluster-peers" is only valid from the master, it is not run on the peers.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...