We had Splunk working on a domain and joined a dif...

domino30 · ‎02-09-2023

We had Splunk working on a domain and joined a different domain and then this happend to our search head cluster

richgalloway · ‎02-09-2023

Thanks for sharing. Do you have a question?

The message says "search head cluster", but the screen shot is of an indexer cluster. Obviously, the indexer cluster is borked. Are you also having problems with the SHC?

Tell us more about "joined a different domain". What exactly did you do and how did you do it?

---
If this reply helps you, Karma would be appreciated.

domino30 · ‎02-13-2023

You are right I have got to more specific.

our environment right now is for learning and will lead to a bigger deployment later.

currently we have an EXSI server and we had a DC, but I decided to build another dc as to not mess with the current one. after about a month we wanted to migrate all the machines about 12 from the domain I made to the one that was previously on the Domain controller.'

Thus moving domains. basically, how we moved our windows machine was to disjoin the domain I made and then joined the original domain.

The easy fix is deleting the machines from the exsi and rebuilding splunk.

I have had thought of deleting instance.cfg and running the clear-config command and restarting but I think I did that for all machines involved if that doesn't fix it. Is there something else I should try?

We had Splunk working on a domain and joined a different domain

troubleshooting

using Splunk Enterprise

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?