Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk Enterprise Security
- :
- How to enable master node on all indexers ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to enable master node on all indexers ?
Hi All ,
I am working in cluster environment with 16 prod indexers, and one separate cluster master node.
if I run /opt/splunk/bin/splunk list cluster-peers
if i run the above command in master node command prompt which showing all indexers in the cluster but if run same command on any of the indexers showing master node not enabled.
how to enable master node on each indexer . this case came while synch or pairing indexer with master node.
How to enable master node on all indexers with command line prompt.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is well documented, but here is the short answer.
Assuming you have already set a pass4SymmKey in the [clustering] stanza on the master, these are the commands you want to run on each of the indexers/peers:
/opt/splunk/bin/splunk edit cluster-config -mode slave -master_uri https://xx.xxx.xx.xxx:8089 -replication_port 9887 -secret your_key_here
/opt/splunk/bin/splunk restart
Obviously substituting in your master's IP and pass4SymmKey value (in plain text, not the hashed version).
However, I don't personally like this method as it leaved behind the secret in the command history. It's more secure to update server.conf and cycle Splunk, but you asked specifically about the CLI method.
https://docs.splunk.com/Documentation/Splunk/8.0.2/Indexer/ConfigurepeerswithCLI
An upvote would be appreciated and Accept Solution if it helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
could you please let me know the reason why it happened . all are in cluster environment with master node if we check from master node to all indexers are in state UP condition but if we check from indexer master node not enabled why this was coming .
one more question i would like to ask , if we ping from master node to indexer the data packets are sending but we check from indexer to master node showing "unknown host" , is it bidirectional or single direction....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If the master shows all peers are "up" then your cluster is healthy.
Running "/opt/splunk/bin/splunk list cluster-peers" is only valid from the master, it is not run on the peers.
An upvote would be appreciated and Accept Solution if it helps!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
