I can't find the documentation about locating the captain, but I need to do a rolling restart. The docs mention it has to be initiated from the captain. Please advise.
Thanks, Jennifer
The information is in docs.
splunk show shcluster-status -auth username:password
As not all instances allow for CLI access, such as Splunk Cloud, you may also query the captain from the Search GUI.
| rest /services/shcluster/status splunk_server=local
| fields captain.label
If you're trying to get the captain for programatic purposes, as I am, you can either use the API, like so:
curl -s -XGET -u "admin:${SPLUNK_PASSWORD}" \
"https://${SPLUNK_ENDPOINT}/services/shcluster/status?output_mode=json" | \
jq -r '.entry[0].content.captain.label'
Or if you can't install jq
, you can do something like:
/opt/splunk/bin/splunk show shcluster-status -auth 'admin:${SPLUNK_PASSWORD}' | \
grep label | head -n1 | cut -d ":" -f2 | xargs
The information is in docs.
splunk show shcluster-status -auth username:password