Splunk Search

Search Heads in cluster are not able to replicate properly

MousumiChowdhur
Contributor

Hi!

There are 2 search heads in our production cluster. We have implemented Alert Manager app in our SH and it incorporates alert manager specific lookups,Data Models and event types. Some of the functionalities of this app and dashboards are not getting replicated properly in all our search heads. In addition to this we are also facing few scenario's where the dashboards data are not getting replicated properly.

We have increased the distsearch's default size to 3 Gb but still some times we have to face the above issue.

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi MousumiChowdhury,
remember that not all the objects are replicated between Search Heads, only the "Knowledge" part (Left Up) of the Settings Panel.
Which functionlities aren't replicated?
Bye.
Giuseppe

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi MousumiChowdhury,
remember that not all the objects are replicated between Search Heads, only the "Knowledge" part (Left Up) of the Settings Panel.
Which functionlities aren't replicated?
Bye.
Giuseppe

0 Karma

MousumiChowdhur
Contributor

Hi,

I'm not able to see few of the dashboard panels data. When a user logs in through DNS and searches for a dashboard, his request hits either of the search heads. If it hits where dashboard or panel data is not replicated, he is not able to see anything in this case. Whereas, If the request hits the SH where data is present, user is able to see data in the dashboard.

0 Karma

MousumiChowdhur
Contributor

Hi Cusello,

I have found that, my lookups are not getting replicated between search heads. On one of my search heads the number of lookups are more than that of the other search head.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Yes this is the result of unallignment of Search Heads.
You should understand which are the Knowledge Objects of Alert Manager App not replicated between SearchHeads.
Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...