Taking off a peer which is already down from singl...

nawazns5038 · ‎04-03-2018

Hi,

A peer was down recently because of some server issues and the buckets re balanced among themselves with the other servers.
I want to remove the peer from the indexer cluster as the the host cannot be used anymore.

And, Splunk is not running and cannot be run as one of the drives that hold the hot data got erased. There was no loss in the cluster as we are using the replication and search factors.

Could you please suggest a method or all the steps needed to remove the peer from a cluster safely.

Thanks,
N

adonio · ‎04-03-2018

hello there,

many answers here in the portal, example:
https://answers.splunk.com/answers/241511/steps-to-remove-a-cluster-member-permanently.html

read here in docs:
http://docs.splunk.com/Documentation/Splunk/7.0.3/Indexer/Removepeerfrommasterlist
http://docs.splunk.com/Documentation/Splunk/7.0.3/Indexer/Takeapeeroffline
read all the way through.

if the indexer is already down, run this command:
splunk offline --enforce-counts

hope it helps

Taking off a peer which is already down from single site cluster

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

Taking off a peer which is already down from single site cluster

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR