Splunk Enterprise

Can new indexes be created on the cluster master using the API, and will it propagate to it's peers?

StephanPCossett
Engager

Hello All,

Another API question. When creating a new index in a clustered environment, it looks like you would normally modify the "indexes.conf' in the “$SPLUNK_HOME/etc/master-apps/_cluster/local” path, and it will propagate to all of the peers in the cluster.

Can this be achieved by calling the "https://splunkhost:8089/services/data/indexes" API endpoint on the cluster master and do the same thing?

Thanks in Advance,
Steve

Tags (1)
0 Karma

deepashri_123
Motivator

Hey@StephanPCossette,

You can refer this answer:
https://answers.splunk.com/answers/387133/how-to-create-index-using-rest-api-in-a-clustered.html

Let me know if this helps!!

StephanPCossett
Engager

Thanks Deepashri,

Appreciate that... I saw this later in the afternoon yesterday and was hoping someone had found another "undocumented" API that supported the index creation on a cluster. Original request was older, so was hoping there was an update as well. We'll most likely go through the machinations to script this with JSch, and then call the API to apply the changes.

Thanks!
Steve

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.