Search Heads in cluster are not able to replicate properly

MousumiChowdhur
Contributor

Hi!

There are 2 search heads in our production cluster. We have implemented the Alert Manager app in our SH and it incorporates Alert Manager specific lookups, Data Models and event types. Some of the functionalities of this app and dashboards are not getting replicated properly in all our search heads. In addition to this, we are also facing a few scenarios where the dashboards' data is not getting replicated properly.

We have increased the distsearch's default size to 3 Gb but still sometimes we have to face the above issue.


gcusello
SplunkTrust

Hi MousumiChowdhury,
Remember that not all the objects are replicated between Search Heads, only the "Knowledge" part (upper left) of the Settings Panel.
Which functionalities aren't replicated?
Bye.
Giuseppe


MousumiChowdhur
Contributor

Hi,

I'm not able to see a few of the dashboard panels' data. When a user logs in through DNS and searches for a dashboard, his request hits either of the search heads. If it hits the one where the dashboard or panel data is not replicated, he is not able to see anything. Whereas, if the request hits the SH where the data is present, the user is able to see data in the dashboard.

MousumiChowdhur
Contributor

Hi Cusello,

I have found that my lookups are not getting replicated between search heads. On one of my search heads the number of lookups is greater than on the other search head.

gcusello
SplunkTrust

Yes, this is the result of misalignment of Search Heads.
You should understand which Knowledge Objects of the Alert Manager App are not replicated between Search Heads.
Bye.
Giuseppe
