Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to clean up a search head in a search head cluster?

sarahnazzar
Explorer
‎11-12-2019 09:16 PM

Hi Guys,

It would be helpful if anyone shares knowledge/provide steps about cleaning up a search head in a search head cluster environment.
I want to know what is cleaned up and what's the process and all.

Thanks in Advance!!
Sarah

0 Karma
Reply

sarahnazzar
Explorer
‎11-12-2019 10:00 PM

Actually my issue is when I push some changes to Search head cluster via deployer, those changes are not reflecting in some search heads and all the search heads are not in proper sync. So exploring about clean up.

Below is the error for reference,
Search head cluster member (https://xx.xx.xx.xx:xxxx) is having problems pushing configurations to the search head cluster captain (https://xx.xx.xx.xx:xxxx). Changes on this member are not replicating to other members.

0 Karma
Reply

wmyersas
Builder
‎12-09-2019 07:36 AM

If you have a good deployment strategy, the simplest thing to do is nuke-pave-reinstall the "misbehaving" cluster members

0 Karma
Reply

burwell
SplunkTrust
SplunkTrust
‎11-12-2019 09:49 PM

Hello. Can you say more about what you want to have cleaned up?

Are you talking about removing the knowledge objects? Scheduled searches? Users?

Reply

sarahnazzar
Explorer
‎11-12-2019 09:55 PM

I want to know if we clean up what will be removed from the Search head.. either everything present in the Search head or particular thing as you have mentioned(knowledge objects, Scheduled searches, Users etc..)

Also, It would be helpful if I get some steps regarding this.

0 Karma
Reply

sarahnazzar
Explorer
‎11-12-2019 10:12 PM

I'm getting below error, so was exploring about clean up and stuffs..

Search head cluster member (https://xx.xx.xxx.xx:xxxxx) is having problems pushing configurations to the search head cluster captain (https://xx.xx.xxx.xx:xxxxx). Changes on this member are not replicating to other members.

And If I push any changes via deployer, its not getting reflected on some of the search heads because of this.

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...