Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Delete Stanza from Distsearch on Search Head Cluster

klischatb
Path Finder
‎11-24-2020 06:01 AM

Hello to all,
following problem make  some trouble for me, hope u can help.

In a Search-Head-Cluster all Peers have under "splunk/etc/system/local" a distsearch.conf.
There is a Stanza which i want to delete, but after a restart it suddenly appears again.

What i tried was...
- delete Stanza on every peer
- After delete Stanza on every instance restart the cluster (splunk rolling-restart)
- Check deployer for apps

After this, the Stanza appeard again.


Example:
I want this:
[distributedSearch]
servers = https://server1:8089, https://server2:8089, https://server3:8089 

look like this:
[distributedSearch]
servers = https://server1:8089, https://server3:8089 

On my deployer is no app which will affect the distsearch.conf in my SHC.
Normaly an app would go under /splunk/etc/apps.

I Just inherited the Environment and not 100% sure about every connection.

Thank you for your help/comments

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

anilchaithu
Builder
‎11-24-2020 07:28 AM

@klischatb 

 

  • The peers will be added to search head cluster by default when you integrate it with indexer cluster (from cluster master).
  • If you no longer have this peer (server 2), you need to remove it from the indexer cluster and then the cluster master.

 

-- Hope this helps

View solution in original post

Reply
Solved! Jump to solution

klischatb
Path Finder
‎11-25-2020 03:51 AM

I checked some connections today and i found more interesting things:
Server 1 is a Cluster Master ; Server 2 was a Standalone indexer (Not Multiside) ; Server 3 (Still active is a Standalone Indexer too, not Multiside)

I can run searches on the Cluster and on server 3.

whatever, it is not possible to delete server 2 from the Stanza of Distsearch.

0 Karma
Reply
Solved! Jump to solution

klischatb
Path Finder
‎11-24-2020 11:25 PM

@anilchaithu thank you for your help.
I will try this today and report the result.

0 Karma
Reply
Solved! Jump to solution
Solution

anilchaithu
Builder
‎11-24-2020 07:28 AM

@klischatb 

 

  • The peers will be added to search head cluster by default when you integrate it with indexer cluster (from cluster master).
  • If you no longer have this peer (server 2), you need to remove it from the indexer cluster and then the cluster master.

 

-- Hope this helps

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...