Solved: Re: Who manages Splunk Captain and how?

nihar3012 · ‎01-12-2022

Who manages Splunk Captain and how?

richgalloway · ‎01-12-2022

Usually, the Search Head Cluster (SHC) Captain is not managed at all. The SHC members select a Captain automatically using a modified RAFT algorithm. You can manually designate a Captain, at which point you become the manager. See https://docs.splunk.com/Documentation/Splunk/8.2.4/DistSearch/SHCarchitecture#Search_head_cluster_ca...for more information.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎01-12-2022

Usually, the Search Head Cluster (SHC) Captain is not managed at all. The SHC members select a Captain automatically using a modified RAFT algorithm. You can manually designate a Captain, at which point you become the manager. See https://docs.splunk.com/Documentation/Splunk/8.2.4/DistSearch/SHCarchitecture#Search_head_cluster_ca...for more information.

---
If this reply helps you, Karma would be appreciated.

isoutamo · ‎01-13-2022

Hi

couple of articles & visualization about RAFT.

As @richgalloway said, usually SHC is automatically maintained. If needed (e.g. lost site) you can manually select (temporary) captain for it if there haven't been enough nodes to get consensus back. But if you take care of that manually, you must give it back manually as soon as situation is over. It cannot go back to normal situation without your manual steps.

r. Ismo

Who manages Splunk Captain and how?

configuration

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases