Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk Enterprise
- :
- Re: Master node shows up as Search head
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Master node shows up as Search head
I have defined a cluster as follows:
Splunk-mstb (cluster master)
|
Splunkb (Search head in the cluster)
|
splunk-idxb
|
splunk-fwdb
and both my Splunkb and splunk-mstb show up as search heads.
My server.conf only has the following in it:
[clustering]
mode = master
How can I remove the errant Search head entry (and from where)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no overlap between msta and mstb clusters.
All the VM names are correct (as well as the names within the Splunk instance). I have built the clusters but not defined any indexes yet.
The GUI in the cluster, msta, shows the correct indexer peers (idxa and idxc) and search head (splunka)
The GUI in the cluster, mstb, shows the correct index peer (idxb) and two search heads (mstb and splunkb).
If i was getting similar behavior in both clusters it would not cause concern.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dif2175509,
When you configure the indexer cluster, cluster master will show up as one of the search heads. This is default behavior.In this case you can use the master node for the troubleshooting purposes and not really for production searches.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a second cluster defined:
Splunk-msta (cluster master)
|
Splunka (Search head in the cluster)
| |
splunk-idxa & splunk-idxc
|
splunk-fwda
and only splunka shows up as search heads (not splunka and splunk-msta).
Why do i not see same behavior with this cluster?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you sure of the configurations on this cluster where you don't see Cluster master as the search head?
Do you see the cluster enabled when you login to the Cluster Master GUI? is the master configured with correct mode? your hostnames overlap between first and second cluster.. hopefully you have the right names in the configurations
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
