Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I unable to delete search peers from the Distributed Management Console?

saurabh009
Path Finder
‎01-23-2017 07:59 AM

Hi,
I am unable to remove search peers from the Distributed Management Console. When I try to remove it from Splunk Web, i get below error:-

Error occurred attempting to remove XXX.XXX.XXX.XX:8089(intentionally masked): Cannot remove peer=https://XXX.XXX.XXX.XX:8089.

This peer is a part of a search head cluster. I have already removed the cluster master from the search peer list. I also tried removing it from splunk_home/etc/system/local/distsearch.conf.
Tried removing using CLI command 

splunk remove search-server -auth admin:password XXX.XXX.XXX.XX:8089

but it gives same error and peer persist in the search peer list.
Please let me know how I can remove all search peers which are part of the cluster.

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

skalliger
Motivator
‎01-23-2017 09:03 AM

You're mixing up a few terms here. A search peer is an indexer. An indexer is not part of a search head cluster. So, do you want to remove a search peer from your indexer cluster or do you want to remove a search head cluster member?

Depending on your answer, the commands are quite different.
For a search head, you can either use

splunk remove shcluster-member

on your search head (not allowed if it is a captain) or

splunk remove shcluster-member -mgmt_uri <URI>:<management_port>

https://docs.splunk.com/Documentation/Splunk/6.5.1/DistSearch/Removeaclustermember

If it is an indexer, you have to stop it first and then use a command from the master:

splunk remove cluster-peers -peers <guid>

https://docs.splunk.com/Documentation/Splunk/6.5.1/Indexer/Removepeerfrommasterlist

Skalli

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

skalliger
Motivator
‎01-23-2017 09:03 AM

You're mixing up a few terms here. A search peer is an indexer. An indexer is not part of a search head cluster. So, do you want to remove a search peer from your indexer cluster or do you want to remove a search head cluster member?

Depending on your answer, the commands are quite different.
For a search head, you can either use

splunk remove shcluster-member

on your search head (not allowed if it is a captain) or

splunk remove shcluster-member -mgmt_uri <URI>:<management_port>

https://docs.splunk.com/Documentation/Splunk/6.5.1/DistSearch/Removeaclustermember

If it is an indexer, you have to stop it first and then use a command from the master:

splunk remove cluster-peers -peers <guid>

https://docs.splunk.com/Documentation/Splunk/6.5.1/Indexer/Removepeerfrommasterlist

Skalli

0 Karma
Reply
Solved! Jump to solution

saurabh009
Path Finder
‎01-23-2017 09:43 AM

Thanks,

I am able to remove it from the DMC peer list by removing cluster masters from /system/local/server.conf.

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...