I have splunk setup in multiple environments (DEV/TST/PRD) with their own SearchHead, Deployment Servers, License Servers and Indexer Clusters in Docker on Kubernetes.
The issue I'm having is registering the Indexer Clusters on the SearchHead. Each environment has a different setup and configuration for the Clusters and we need to be able to dynamically configure the docker containers via CLI to add/remove "Cluster Masters".
Example (server.conf):
[clustering]
mode = searchhead
master_uri = clustermaster:dev
[clustermaster:us-central1-dev]
multisite=false
pass4SymmKey = pass4SymmKey0
master_uri=https://cluster-master.splunk.dev:8089
[clustermaster:us-central1-tst]
multisite=false
pass4SymmKey = pass4SymmKey1
master_uri=https://cluster-master1.splunk.tst:8089
[clustermaster:us-east1-tst]
multisite=false
pass4SymmKey = pass4SymmKey2
master_uri=https://cluster-master2.splunk.tst:8089
What we'd like to do, and I've tried to do is:
splunk edit cluster-master clustermaster:dev -master_uri clustermaster:tst1, clustermaster:tst2
to get:
[clustering]
mode = searchhead
master_uri = clustermaster:tst1,clustermaster:tst2
but that doesn't really work. Maybe I'm missing something on the commandline, but I get "invalid URI" for those and it doesn't do what I want to be able to do.
... View more