Deploy search head cluster

siemteam · ‎01-17-2019

Hello,

I'm deploying a search head cluster and I have a doubt about the steps described on the following link:

https://docs.splunk.com/Documentation/Splunk/7.2.1/DistSearch/SHCdeploymentoverview

I understand that server.conf file is the file that you can find on /opt/splunk/etc/system/default folder, it's ok?

On this file I can see too the configuration line "disabled=true" but documentation don't specify as necesary modify this flag, it's ok or should I change to false?

Thanks

dkeck · ‎01-17-2019

HI,

you do not want to change server.conf in /opt/splunk/etc/system/default. If you want to change config in server.conf than create a new server.conf in /opt/splunk/etc/system/local and change only the stanzas that are neccessary. Do not copy the whole default/sever.conf content.

Kind Regards

siemteam · ‎01-21-2019

Thanks for your answer.

And what about "dissabled=true"?

dkeck · ‎01-21-2019

just follow the steps in the manual that you liked and you should be fine

Depends where in server.conf this was set, but if it was set in default server.conf could have its right to be there, If the manual it not teling you to change this, then dont.

dkeck · ‎01-17-2019

Did this work for you ?

if it helped please accept the question 🙂

Deploy search head cluster

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...