Splunk Search

My management URI is not showing correctly in the rest endpoint info


I am getting an incorrect value for the mgmt_uri value when accessing the rest endpoint /services/shcluster/status

This is on a search head node on a search head cluster on version 6.3.3

My server.conf shows the following:

disabled = 0
pass4SymmKey = $1$asdfasdfasdf
shcluster_label = PROD_SHC
id = 26FBD1A2-8388-43A2-A1FC-C2EA9C9021D6
mgmt_uri = https://myhost@domain.com:8089
conf_deploy_fetch_url = https://mydeployer@domain.com:18089
scheduling_heuristic = round_robin
replication_factor = 1
election = false
mode = captain
captain_uri = https://myhost@domain.com:8089
captain_is_adhoc_searchhead = false

alt text

Tags (1)
0 Karma


This answer suggests that management uri is read from memory in the case of Static Captain. https://answers.splunk.com/answers/339015/search-head-cluster-is-breaking-when-mgmt-uri-has.html

I had similar issues with Static Captain, and instead set dynamic election and preferred captain on the search head I wanted. $SPLUNK_HOME/etc/system/local/server.conf [shclustering] stanza looks like this:

conf_deploy_fetch_url = **REDACTED**
disabled = 0
mgmt_uri = **REDACTED**
pass4SymmKey = **REDACTED**
replication_factor = 2
id = **REDACTED**
adhoc_searchhead = true
preferred_captain = true
0 Karma


Background on this setup:
I have 2 search head nodes in a cluster. The captain is static.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...