How to add search peers in a search head cluster?

daniel333
Builder

Is there a trick to adding search peers with a search head cluster? I have to add 20 new indexers very soon and I don't want to have to go to each SH GUI over and over. Assuming there is a script somewhere I should be running?

0 Karma

lguinn2
Legend

You could do this:

  1. Create a new app on the deployer. In the local directory of the app, create a file named distsearch.conf
  2. In distsearch.conf, list all the search peers (including the existing ones)
  3. Use the deployer to distribute the app to the search heads.

Here is some info on creating/editing distsearch.conf

jplumsdaine22
Influencer

(facepalm) I wish they put that in the documentation 🙂

0 Karma

daniel333
Builder

Hey yes, the manual key exchange is what I am trying to avoid. Assuming there is a script or something that we should be using?

Distribute the key files
If you add search peers via Splunk Web or the CLI, Splunk Enterprise automatically configures authentication. However, if you add peers by editing distsearch.conf, you must distribute the key files manually. After adding the search peers and restarting the search head, as described above:

  1. Copy the file $SPLUNK_HOME/etc/auth/distServerKeys/trusted.pem from the search head to $SPLUNK_HOME/etc/auth/distServerKeys//trusted.pem on each search peer.

The is the search head's serverName, specified in server.conf.

  2. Restart each search peer.

0 Karma
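
The two procedures discussed in this thread (a deployer-pushed distsearch.conf and the manual trusted.pem distribution), sketched as an added example that is not part of any post above or of Splunk's own tooling. It assumes a Linux install under /opt/splunk, the default management port 8089, and that each cluster member has its own serverName and trusted.pem; all host names are constructed.

```python
from pathlib import PurePosixPath

SPLUNK_HOME = PurePosixPath("/opt/splunk")  # assumption: default Linux install path
MGMT_PORT = 8089                            # assumption: default management port
# Constructed sample inventory (hypothetical names).
SEARCH_HEADS = ["sh1", "sh2", "sh3"]        # serverName of each member, from server.conf
PEERS = [f"idx{n:02d}.example.com" for n in range(1, 21)]


def render_distsearch(peers, port=MGMT_PORT):
    """Return distsearch.conf text listing every peer once, in input order."""
    uris = []
    for host in peers:
        host = host.strip().lower()
        if not host or any(c in host for c in " ,/:"):
            raise ValueError(f"bad peer host name: {host!r}")
        uri = f"https://{host}:{port}"
        if uri not in uris:                 # drop duplicates, keep first occurrence
            uris.append(uri)
    return "[distributedSearch]\nservers = " + ",".join(uris) + "\n"


def key_copy_plan(search_heads, peers):
    """Return (src_host, src_path, dest_host, dest_path) for every trusted.pem copy."""
    src = SPLUNK_HOME / "etc/auth/distServerKeys/trusted.pem"
    plan = []
    for sh in search_heads:
        if not sh or "/" in sh or sh in (".", ".."):
            raise ValueError(f"serverName unusable as a directory name: {sh!r}")
        # On the peer, the key lives in a directory named after the search head's serverName.
        dest = SPLUNK_HOME / "etc/auth/distServerKeys" / sh / "trusted.pem"
        plan.extend((sh, str(src), peer, str(dest)) for peer in peers)
    return plan


if __name__ == "__main__":
    print(render_distsearch(PEERS), end="")
    plan = key_copy_plan(SEARCH_HEADS, PEERS)
    print(f"# {len(plan)} key copies, then restart each search peer")
    for sh, src, peer, dest in plan[:3]:
        print(f"{sh}:{src} -> {peer}:{dest}")
```

Review the plan before feeding it to whatever copy tool you use: every trusted.pem placed on a peer authorizes that search head to run searches there, so the list of search heads is an access-control decision, not just plumbing.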