Splunk Enterprise

How to connect a SHC to Indexer cluster?

vinothkumark
Path Finder

Hi All,

I need to connect a new indexer cluster, which is in GCP, to an existing Splunk SHC. I read the document below.

Integrate the search head cluster with an indexer cluster - Splunk Documentation

Integrate with a single-site indexer cluster

Do I need to execute on all the SHC members and then do a rolling restart? Or do I need to execute on one SH, perform the restart, and then follow the same on the other SHs? Also, do I need to start with the captain or a non-captain?

There is one more way, via GUI part:

Enable the search head - Splunk Documentation

It didn't mention whether I need to apply this on only one SH in the cluster or on all the SHs. Can anyone help me with this? Thanks.



burwell
SplunkTrust

Hi. The way we do it is with an app that we put on the Splunk deployer in a special app e.g. /opt/splunk/etc/shcluster/apps/my_idxcluster/default/server.conf

Next we deploy the app to the search head cluster members. The deployer will determine whether a rolling restart of the heads is needed.

So we follow this https://docs.splunk.com/Documentation/Splunk/9.0.4/Indexer/Configuresearchheadwithserverconf

For example this goes in /opt/splunk/etc/shcluster/apps/my_idxcluster/default/server.conf

[clustering]
manager_uri = https://indexer_cluster_manager_url:8089
mode = searchhead
pass4SymmKey = whatever
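
A pre-push check for the stanza shown above, as an added example that is not part of the original post or of Splunk's tooling. The function names and the placeholder list are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint the deployer app's server.conf before pushing the bundle.
# Print the value of key $2 from the [clustering] stanza of file $1.
clustering_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_st = ($0 ~ /^[ \t]*\[clustering\][ \t]*$/); next }
        !in_st || /^[ \t]*[#;]/ || !index($0, "=") { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 when the stanza is sane; otherwise print each finding and return 1.
check_idxcluster_conf() {
    conf=$1; rc=0
    mode=$(clustering_value "$conf" mode)
    uri=$(clustering_value "$conf" manager_uri)
    key=$(clustering_value "$conf" pass4SymmKey)
    [ "$mode" = "searchhead" ] || { echo "mode must be searchhead (got '$mode')"; rc=1; }
    case $uri in
        https://*:[0-9]*) ;;
        *) echo "manager_uri should be https://host:port (got '$uri')"; rc=1 ;;
    esac
    case $key in  # "whatever" is the post's placeholder; "changeme" is an assumed one
        ""|whatever|changeme) echo "pass4SymmKey is empty or a placeholder"; rc=1 ;;
    esac
    # The staged file carries the key in clear text: flag world-readable copies.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf is world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the stanza above, placeholder key left in on purpose.
sample=$(mktemp)
printf '[clustering]\nmanager_uri = https://indexer_cluster_manager_url:8089\nmode = searchhead\npass4SymmKey = whatever\n' > "$sample"
check_idxcluster_conf "$sample" || echo "fix the findings before pushing the bundle"
rm -f "$sample"
```

On the deployer, point `check_idxcluster_conf` at the app's `default/server.conf` under `etc/shcluster/apps` before pushing the bundle to the members.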

 

isoutamo
SplunkTrust

Here are instructions for connecting to multiple clusters both single and multi sites. https://docs.splunk.com/Documentation/Splunk/9.0.4/Indexer/Configuremulti-clustersearch
